CVE-2022-30276
https://notcve.org/view.php?id=CVE-2022-30276
The Motorola MOSCAD and ACE line of RTUs through 2022-05-02 omit an authentication requirement. They feature IP Gateway modules which allow for interfacing between Motorola Data Link Communication (MDLC) networks (potentially over a variety of serial, RF and/or Ethernet links) and TCP/IP networks. Communication with RTUs behind the gateway is done by means of the proprietary IPGW protocol (5001/TCP). This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality. Motorola MOSCAD and ACE line of RTUs versiones hasta 02-05-2022, omiten un requisito de autenticación. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-04 https://www.forescout.com/blog • CWE-306: Missing Authentication for Critical Function •
CVE-2015-7936
https://notcve.org/view.php?id=CVE-2015-7936
Cross-site request forgery (CSRF) vulnerability in Motorola Solutions MOSCAD IP Gateway allows remote attackers to hijack the authentication of administrators for requests that modify a password. Vulnerabilidad de CSRF en Motorola Solutions MOSCAD IP Gateway permite a atacantes remotos secuestrar la autenticación de administradores para peticiones que modifican una contraseña. • http://www.securityfocus.com/bid/79624 https://ics-cert.us-cert.gov/advisories/ICSA-15-351-02 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2015-7935
https://notcve.org/view.php?id=CVE-2015-7935
Motorola Solutions MOSCAD IP Gateway allows remote attackers to read arbitrary files via unspecified vectors. Motorola Solutions MOSCAD IP Gateway permite a atacantes remotos leer archivos arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/79624 https://ics-cert.us-cert.gov/advisories/ICSA-15-351-02 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •