CVE-2026-0714

Name of the Vulnerable Software and Affected Versions Moxa Industrial Linux 3 (affected versions not specified)

Description A physical attack is possible on certain Moxa industrial computers utilizing TPM-backed LUKS full-disk encryption. The discrete TPM is connected to the CPU via an SPI bus. Successful exploitation requires invasive physical access, including opening the device and connecting external equipment to the SPI bus to capture TPM communications. If successful, the captured data may allow offline decryption of the eMMC contents. This attack requires extended physical access, possession of the device, appropriate equipment, and sufficient time for signal capture and analysis. Remote exploitation is not possible. The attack involves capturing TPM communications via the SPI bus. LUKS (Linux Unified Key Setup) is a disk encryption specification. eMMC (embedded MultiMediaCard) is a type of flash memory used in many embedded systems.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.