CVE-2022-30274

Published: Jul 26, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm (TEA) in ECB mode using a hardcoded key. Similarly, the ACE1000 RTU can route MDLC traffic over Extended Command and Management Protocol (XCMP) and Network Layer (XNL) networks via the MDLC driver. Authentication to the XNL port is protected by TEA in ECB mode using a hardcoded key.

Affected (1)

Products: Motorola: Ace1000 Firmware

1 product

Ace1000 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Motorola Ace1000 Firmware	All versions

Running on/with	Platform Versions
Motorola Ace1000	All versions

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (4)

https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-06

Source: cve@mitre.org

MitigationThird Party AdvisoryUS Government Resource

https://www.forescout.com/blog/

Source: cve@mitre.org

Not Applicable

https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-06

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party AdvisoryUS Government Resource

https://www.forescout.com/blog/

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

Timeline

No history available yet.