CVE-2022-30274

CRITICAL

9.8

Descricao

The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm (TEA) in ECB mode using a hardcoded key. Similarly, the ACE1000 RTU can route MDLC traffic over Extended Command and Management Protocol (XCMP) and Network Layer (XNL) networks via the MDLC driver. Authentication to the XNL port is protected by TEA in ECB mode using a hardcoded key.

Detalhes CVE

Pontuacao CVSS v3.19.8

SeveridadeCRITICAL

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado7/26/2022

Ultima modificacao11/21/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

motorola:ace1000motorola:ace1000_firmware

Fraquezas (CWE)

CWE-798

Referencias

https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-06(cve@mitre.org)

https://www.forescout.com/blog/(cve@mitre.org)

https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-06(af854a3a-2127-422b-91ae-364da2661108)

https://www.forescout.com/blog/(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.