CVE-2022-30269 — HIGH (8.8)

Vulnerability Description

Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software, the C toolkit, or the ACE1000 Easy Configurator. In the case of the Easy Configurator, application images (as PLX/DAT/APP/CRC files) are uploaded via the Web UI. In case of the C toolkit, they are transferred and installed using SFTP/SSH. In each case, application images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Motorola	Ace1000 Firmware	-
Motorola	Ace1000	-

Related Weaknesses (CWE)

CWE-345

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-06MitigationThird Party AdvisoryUS Government Resource
https://www.forescout.com/blog/Not Applicable
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-06MitigationThird Party AdvisoryUS Government Resource
https://www.forescout.com/blog/Not Applicable

FAQ

What is CVE-2022-30269?

CVE-2022-30269 is a vulnerability with a CVSS score of 8.8 (HIGH). Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software, the C toolkit, or the ACE1000 Easy Configurator. In th...

How severe is CVE-2022-30269?

CVE-2022-30269 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-30269?

Check the references section above for vendor advisories and patch information. Affected products include: Motorola Ace1000 Firmware, Motorola Ace1000.