← Back

CVE-2022-30270

nvd nist
Published: Jul 26, 2022Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

The Motorola ACE1000 RTU through 2022-05-02 has default credentials. It exposes an SSH interface on port 22/TCP. This interface is used for remote maintenance and for SFTP file-transfer operations that are part of engineering software functionality. Access to this interface is controlled by 5 preconfigured accounts (root, abuilder, acelogin, cappl, ace), all of which come with default credentials. Although the ACE1000 documentation mentions the root, abuilder and acelogin accounts and instructs users to change the default credentials, the cappl and ace accounts remain undocumented and thus are unlikely to have their credentials changed.

Affected (1)

Motorola
1 product
Ace1000 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ace1000 Firmware
All versions
Running on/withPlatform Versions
Motorola
Ace1000
All versions

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

Source: cve@mitre.org
MitigationThird Party AdvisoryUS Government Resource
Source: cve@mitre.org
Not Applicable
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationThird Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable

Timeline

No history available yet.