9.8

CVE-2022-30274

EPSS 0.17%
Published 26.07.2022 23:15:08
Last modified 21.11.2024 07:02:28
Source cve@mitre.org
Teams watchlist Login
Open Login

The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm (TEA) in ECB mode using a hardcoded key. Similarly, the ACE1000 RTU can route MDLC traffic over Extended Command and Management Protocol (XCMP) and Network Layer (XNL) networks via the MDLC driver. Authentication to the XNL port is protected by TEA in ECB mode using a hardcoded key.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Motorola ≫ Ace1000 Firmware Version-

Motorola ≫ Ace1000 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.17%	0.381

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.forescout.com/blog/

Not Applicable

https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-06

Third Party Advisory

US Government Resource

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2022-30274

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-30274

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-30274

EUVD