Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-30274

Published: 26/07/2022 Updated: 02/08/2022
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Ace1000 Firmware

Vulnerability Summary

The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm (TEA) in ECB mode using a hardcoded key. Similarly, the ACE1000 RTU can route MDLC traffic over Extended Command and Management Protocol (XCMP) and Network Layer (XNL) networks via the MDLC driver. Authentication to the XNL port is protected by TEA in ECB mode using a hardcoded key.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

motorola ace1000_firmware -

ICS Advisories

Motorola Solutions ACE1000

References

CWE-798https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-06https://www.forescout.com/blog/https://nvd.nist.govhttps://www.cisa.gov/uscert/ics/advisories/icsa-22-179-06
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-29895injectCVE-2023-52689CVE-2024-5049CVE-2024-5051privilege escalationphysicalCVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook