
CVE-2026-0715: CWE-522: Insufficiently Protected Credentials in Moxa UC-1200A Series

Severity: High
Tags: Vulnerability, CVE-2026-0715, cve, cve-2026-0715, cwe-522
Published: Thu Feb 05 2026 (02/05/2026, 17:01:20 UTC)
Source: CVE Database V5
Vendor/Project: Moxa
Product: UC-1200A Series

Description

Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this information to access the bootloader menu via a serial interface. Access to the bootloader menu does not allow full system takeover or privilege escalation. The bootloader enforces digital signature verification and only permits flashing of Moxa-signed images. As a result, an attacker cannot install malicious firmware or execute arbitrary code. The primary impact is limited to a potential temporary denial-of-service condition if a valid image is reflashed. Remote exploitation is not possible.

AI-Powered Analysis

Last updated: 02/05/2026, 17:29:26 UTC

Technical Analysis

CVE-2026-0715 is a vulnerability identified in the Moxa UC-1200A Series industrial computers running Moxa Industrial Linux Secure. These devices use a device-unique bootloader password printed on the device, which an attacker with physical access can use to enter the bootloader menu via a serial interface. Bootloader menu access does not allow an attacker to escalate privileges or take full control of the system, because the bootloader enforces strict digital signature verification and permits only Moxa-signed firmware images to be flashed. Consequently, an attacker cannot install malicious firmware or execute arbitrary code, but could cause a temporary denial-of-service by reflashing a valid image, disrupting device availability. Exploitation requires physical access, no user interaction, and no authentication beyond the bootloader password, which is device-unique but accessible. Remote exploitation is not feasible. The CVSS 4.0 vector (AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N) rates the impact on confidentiality, integrity, and availability as high, with the attack vector limited to physical access (AV:P). No known exploits are currently in the wild, and no patches have been published yet. This vulnerability is categorized under CWE-522, indicating insufficiently protected credentials.

Potential Impact

For European organizations, especially those operating critical infrastructure, manufacturing, or industrial automation environments using Moxa UC-1200A Series devices, this vulnerability poses a risk primarily through physical access attacks. The potential impact includes temporary denial-of-service conditions that could disrupt industrial processes or monitoring systems. Although the inability to install malicious firmware limits the risk of persistent compromise or data exfiltration, the exposure of bootloader access credentials could facilitate sabotage or operational interruptions. Confidentiality is moderately impacted since the bootloader password is device-unique but physically accessible, potentially allowing unauthorized bootloader menu access. Integrity and availability are at risk due to the possibility of reflashing valid firmware images to disrupt device operation. The requirement for physical access reduces the attack surface but also highlights the importance of physical security in industrial environments. The lack of remote exploitability means network perimeter defenses are less relevant, but insider threats or physical intrusion remain concerns.

Mitigation Recommendations

European organizations should implement strict physical security controls around Moxa UC-1200A Series devices, including locked cabinets, restricted access areas, and surveillance to prevent unauthorized physical access. Monitoring and logging of serial interface usage can help detect unauthorized bootloader access attempts. Organizations should verify that all devices run the latest firmware and software versions once patches become available from Moxa. Employing tamper-evident seals or hardware security modules to protect bootloader credentials can reduce risk. Additionally, segmenting industrial control networks and limiting physical access points can minimize exposure. Training personnel on the importance of physical security and establishing incident response plans for suspected physical tampering are also recommended. Since no patches are currently available, these compensating controls are critical. Regular audits of device deployment and access policies will help maintain security posture.


Technical Details

Data Version: 5.2
Assigner Short Name: Moxa
Date Reserved: 2026-01-08T10:25:24.767Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6984d01df9fa50a62f2f1648

Added to database: 2/5/2026, 5:15:09 PM

Last enriched: 2/5/2026, 5:29:26 PM

Last updated: 2/5/2026, 8:36:54 PM
