CVE-2022-30274

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm (TEA) in ECB mode using a hardcoded key. Similarly, the ACE1000 RTU can route MDLC traffic over Extended Command and Management Protocol (XCMP) and Network Layer (XNL) networks via the MDLC driver. Authentication to the XNL port is protected by TEA in ECB mode using a hardcoded key.

Motorola ACE1000 RTU versiones hasta 02-05-2022, usa el cifrado ECB de forma no segura. Puede comunicarse con una pasarela XRT de LAN a radio por medio de un cliente integrado. Las credenciales para acceder a esta pasarela son almacenadas después de ser encriptadas con el algoritmo de encriptación Tiny (TEA) en modo ECB usando una clave embebida. Del mismo modo, la RTU ACE1000 puede rutar el tráfico MDLC a través de las redes Extended Command and Management Protocol (XCMP) y Network Layer (XNL) por medio del controlador MDLC. La autenticación al puerto XNL está protegida por TEA en modo ECB usando una clave embebida

*Credits: N/A

CVSS Scores

NISTv3.1 9.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-05-04 CVE Reserved
2022-07-26 CVE Published
2024-02-16 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-798: Use of Hard-coded Credentials

CAPEC

References (2)

URL	Tag	Source
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-06	Mitigation
https://www.forescout.com/blog	Not Applicable

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Motorola Search vendor "Motorola"	Ace1000 Firmware Search vendor "Motorola" for product "Ace1000 Firmware"	-	-	Affected	in	Motorola Search vendor "Motorola"	Ace1000 Search vendor "Motorola" for product "Ace1000"	-	-	Safe