{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4483", "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "state": "PUBLISHED", "assignerShortName": "Moxa", "dateReserved": "2026-03-20T06:25:28.602Z", "datePublished": "2026-04-08T07:25:03.348Z", "dateUpdated": "2026-04-08T13:53:26.094Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa", "dateUpdated": "2026-04-08T09:31:29.457Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-782", "description": "CWE-782: Exposed IOCTL with Insufficient Access Control", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122: Privilege Abuse"}]}], "affected": [{"vendor": "Moxa", "product": "MxGeneralIo", "platforms": ["Windows 7 x86"], "versions": [{"status": "affected", "version": "1.0", "lessThan": "1.4.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Moxa", "product": "MxGeneralIo", "platforms": ["Windows 10", "Windows 11"], "versions": [{"status": "affected", "version": "1.0", "lessThan": "1.5.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Moxa", "product": "MxGeneralIo", "platforms": ["Windows 7 x64"], "versions": [{"status": "affected", "version": "1.0", "lessThan": "1.4.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:moxa:mxgeneralio:*:*:windows_7_x86:*:*:*:*:*", "versionStartIncluding": "1.0", "versionEndExcluding": "1.4.0"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:moxa:mxgeneralio:*:*:windows_10:*:*:*:*:*", "versionStartIncluding": "1.0", "versionEndExcluding": "1.5.0"}, {"vulnerable": true, "criteria": "cpe:2.3:a:moxa:mxgeneralio:*:*:windows_11:*:*:*:*:*", "versionStartIncluding": "1.0", "versionEndExcluding": "1.5.0"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:moxa:mxgeneralio:*:*:windows_7_x64:*:*:*:*:*", "versionStartIncluding": "1.0", "versionEndExcluding": "1.4.0"}]}]}], "descriptions": [{"lang": "en", "value": "An exposed IOCTL with an\u00a0 insufficient access control vulnerability has been identified in the utility, MxGeneralIo, for Moxa\u2019s industrial x86 computers.\u00a0The affected utility, MxGeneralIo, exposes IOCTL methods that permit direct read and write access to MSR and system memory.\u00a0A local attacker with high privileges could abuse these interfaces to perform unauthorized operations.\u00a0Successful exploitation may result in privilege escalation on Windows 7 systems or cause a system crash (BSoD) on Windows 10 and 11 systems, leading to a denial-of-service condition.\u00a0The vulnerability could slightly affect the confidentiality and integrity of the device, but availability might be heavily impacted.\u00a0No impact to the subsequent system has been identified.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "An exposed IOCTL with an  insufficient access control vulnerability has been identified in the utility, MxGeneralIo, for Moxa\u2019s industrial x86 computers. The affected utility, MxGeneralIo, exposes IOCTL methods that permit direct read and write access to MSR and system memory. A local attacker with high privileges could abuse these interfaces to perform unauthorized operations. Successful exploitation may result in privilege escalation on Windows 7 systems or cause a system crash (BSoD) on Windows 10 and 11 systems, leading to a denial-of-service condition. The vulnerability could slightly affect the confidentiality and integrity of the device, but availability might be heavily impacted. No impact to the subsequent system has been identified."}]}], "references": [{"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-254811-cve-2026-4483-exposed-ioctl-with-insufficient-access-control-vulnerability-in-the-utility-for-x86-computers", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"}}], "credits": [{"lang": "en", "value": "Jason Huang from TXOne Networks Inc.", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T13:53:18.890748Z", "id": "CVE-2026-4483", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T13:53:26.094Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4483", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-08T13:53:18.890748Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T13:53:22.446Z"}}], "cna": {"source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Jason Huang from TXOne Networks Inc."}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122: Privilege Abuse"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Moxa", "product": "MxGeneralIo", "versions": [{"status": "affected", "version": "1.0", "lessThan": "1.4.0", "versionType": "custom"}], "platforms": ["Windows 7 x86"], "defaultStatus": "unaffected"}, {"vendor": "Moxa", "product": "MxGeneralIo", "versions": [{"status": "affected", "version": "1.0", "lessThan": "1.5.0", "versionType": "custom"}], "platforms": ["Windows 10", "Windows 11"], "defaultStatus": "unaffected"}, {"vendor": "Moxa", "product": "MxGeneralIo", "versions": [{"status": "affected", "version": "1.0", "lessThan": "1.4.0", "versionType": "custom"}], "platforms": ["Windows 7 x64"], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-254811-cve-2026-4483-exposed-ioctl-with-insufficient-access-control-vulnerability-in-the-utility-for-x86-computers", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "An exposed IOCTL with an\u00a0 insufficient access control vulnerability has been identified in the utility, MxGeneralIo, for Moxa\u2019s industrial x86 computers.\u00a0The affected utility, MxGeneralIo, exposes IOCTL methods that permit direct read and write access to MSR and system memory.\u00a0A local attacker with high privileges could abuse these interfaces to perform unauthorized operations.\u00a0Successful exploitation may result in privilege escalation on Windows 7 systems or cause a system crash (BSoD) on Windows 10 and 11 systems, leading to a denial-of-service condition.\u00a0The vulnerability could slightly affect the confidentiality and integrity of the device, but availability might be heavily impacted.\u00a0No impact to the subsequent system has been identified.", "supportingMedia": [{"type": "text/html", "value": "An exposed IOCTL with an  insufficient access control vulnerability has been identified in the utility, MxGeneralIo, for Moxa\u2019s industrial x86 computers. The affected utility, MxGeneralIo, exposes IOCTL methods that permit direct read and write access to MSR and system memory. A local attacker with high privileges could abuse these interfaces to perform unauthorized operations. Successful exploitation may result in privilege escalation on Windows 7 systems or cause a system crash (BSoD) on Windows 10 and 11 systems, leading to a denial-of-service condition. The vulnerability could slightly affect the confidentiality and integrity of the device, but availability might be heavily impacted. No impact to the subsequent system has been identified.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-782", "description": "CWE-782: Exposed IOCTL with Insufficient Access Control"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moxa:mxgeneralio:*:*:windows_7_x86:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.4.0", "versionStartIncluding": "1.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moxa:mxgeneralio:*:*:windows_10:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.5.0", "versionStartIncluding": "1.0"}, {"criteria": "cpe:2.3:a:moxa:mxgeneralio:*:*:windows_11:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.5.0", "versionStartIncluding": "1.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moxa:mxgeneralio:*:*:windows_7_x64:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.4.0", "versionStartIncluding": "1.0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa", "dateUpdated": "2026-04-08T09:31:29.457Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4483", "state": "PUBLISHED", "dateUpdated": "2026-04-08T13:53:26.094Z", "dateReserved": "2026-03-20T06:25:28.602Z", "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "datePublished": "2026-04-08T07:25:03.348Z", "assignerShortName": "Moxa"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An exposed IOCTL with an\u00a0 insufficient access control vulnerability has been identified in the utility, MxGeneralIo, for Moxa\u2019s industrial x86 computers.\u00a0The affected utility, MxGeneralIo, exposes IOCTL methods that permit direct read and write access to MSR and system memory.\u00a0A local attacker with high privileges could abuse these interfaces to perform unauthorized operations.\u00a0Successful exploitation may result in privilege escalation on Windows 7 systems or cause a system crash (BSoD) on Windows 10 and 11 systems, leading to a denial-of-service condition.\u00a0The vulnerability could slightly affect the confidentiality and integrity of the device, but availability might be heavily impacted.\u00a0No impact to the subsequent system has been identified."}], "id": "CVE-2026-4483", "lastModified": "2026-04-08T21:26:35.910", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt@moxa.com", "type": "Secondary"}]}, "published": "2026-04-08T08:16:24.007", "references": [{"source": "psirt@moxa.com", "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-254811-cve-2026-4483-exposed-ioctl-with-insufficient-access-control-vulnerability-in-the-utility-for-x86-computers"}], "sourceIdentifier": "psirt@moxa.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-782"}], "source": "psirt@moxa.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["windows_7_x86"], "status": "affected", "versions": {"scheme": "generic", "value": "[1.0,1.4.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "MxGeneralIo", "source": "cna", "vendor": "Moxa"}, "product": "mxgeneralio", "vendor": "moxa"}, {"configurations": [{"platform": ["windows_10", "windows_11"], "status": "affected", "versions": {"scheme": "generic", "value": "[1.0,1.5.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "MxGeneralIo", "source": "cna", "vendor": "Moxa"}, "product": "mxgeneralio", "vendor": "moxa"}, {"configurations": [{"platform": ["windows_7_x64"], "status": "affected", "versions": {"scheme": "generic", "value": "[1.0,1.4.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "MxGeneralIo", "source": "cna", "vendor": "Moxa"}, "product": "mxgeneralio", "vendor": "moxa"}], "analysis": {"en": {"generated_at": "2026-04-08T08:50:31.139100+00:00", "value": {"mitigation_remediation": ["Apply the official Moxa patch for MxGeneralIo", "Verify that the patched version of MxGeneralIo is installed on all affected systems", "Reboot the systems after patch deployment to ensure the patch takes effect"], "summary": {"action": "Apply Patch", "impact": "Privilege escalation and denial of service"}, "threat_synthesis": {"affected_systems": "Affected systems include any installation of the MxGeneralIo utility on Moxa x86 industrial computers running Windows\u202f7 (both x86 and x64), Windows\u202f10, or Windows\u202f11. The CVE entry does not list specific utility versions, so any version of the utility on those platforms is potentially vulnerable.", "description_and_impact": "The MxGeneralIo utility for Moxa\u2019s industrial x86 computers exposes IOCTL interfaces that allow direct read and write access to MSR registers and system memory without sufficient access control. A local attacker who already has high privileges can exploit these interfaces to read sensitive data, modify memory, and perform unauthorized operations. Successful exploitation can result in privilege escalation on Windows\u202f7 systems or trigger a system crash (BSOD) on Windows\u202f10 and Windows\u202f11, effectively causing a denial\u2011of\u2011service condition. The flaw may also slightly affect the confidentiality and integrity of the device, although no further impact downstream has been identified.", "risk_and_exploitability": "The CVSS score of 7.0 indicates a medium to high severity. Exploitation requires local access with high privileges, so the likelihood of attack in the wild may be limited. EPSS data is not available, but the vulnerability is not listed in the CISA KEV catalog. Because a successful exploit can lead to a system crash on newer Windows editions and produce privilege escalation on Windows\u202f7, the potential impact on availability and security remains significant. Administrators should treat this issue as a priority for patching."}}}}, "created": "2026-04-08T19:30:59.080657+00:00", "title": "Exposed IOCTL in MxGeneralIo Utility Enables Privilege Escalation and DoS", "updated": "2026-04-08T19:43:30.352046+00:00", "vendors": ["moxa", "moxa$PRODUCT$mxgeneralio"]}