CVE-2026-0715

Name of the Vulnerable Software and Affected Versions Moxa Arm-based industrial computers running Moxa Industrial Linux Secure (affected versions not specified)

Description Moxa Arm-based industrial computers running Moxa Industrial Linux Secure utilize a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this information to access the bootloader menu via a serial interface. Access to the bootloader menu does not allow full system takeover or privilege escalation, as the bootloader enforces digital signature verification and only permits flashing of Moxa-signed images. This prevents the installation of malicious firmware or execution of arbitrary code. The primary impact is limited to a potential temporary denial-of-service condition if a valid image is reflashed. Remote exploitation is not possible.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.