9.8

CVE-2022-30274

EPSS 0.17%
Veröffentlicht 26.07.2022 23:15:08
Zuletzt bearbeitet 21.11.2024 07:02:28
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm (TEA) in ECB mode using a hardcoded key. Similarly, the ACE1000 RTU can route MDLC traffic over Extended Command and Management Protocol (XCMP) and Network Layer (XNL) networks via the MDLC driver. Authentication to the XNL port is protected by TEA in ECB mode using a hardcoded key.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Motorola ≫ Ace1000 Firmware Version-

Motorola ≫ Ace1000 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.381

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.forescout.com/blog/

Not Applicable

https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-06

Third Party Advisory

US Government Resource

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2022-30274

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-30274

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-30274

EUVD