CVE-2022-30269

Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software, the C toolkit, or the ACE1000 Easy Configurator. In the case of the Easy Configurator, application images (as PLX/DAT/APP/CRC files) are uploaded via the Web UI. In case of the C toolkit, they are transferred and installed using SFTP/SSH. In each case, application images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-06	Mitigation Third Party Advisory US Government Resource
https://www.forescout.com/blog/	Not Applicable

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:motorola:ace1000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:motorola:ace1000:-:*:*:*:*:*:*:*

History

02 Aug 2022, 20:03

Type	Values Removed	Values Added
References	~~(MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-06 -~~	(MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-06 - Mitigation, Third Party Advisory, US Government Resource
References	~~(MISC) https://www.forescout.com/blog/ -~~	(MISC) https://www.forescout.com/blog/ - Not Applicable
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
First Time		Motorola Motorola ace1000 Firmware Motorola ace1000
CPE		cpe:2.3:h:motorola:ace1000:-:::::::* cpe:2.3:o:motorola:ace1000_firmware:-:::::::*
CWE		CWE-345

26 Jul 2022, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-07-26 23:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-30269

Mitre link : CVE-2022-30269

CVE.ORG link : CVE-2022-30269

JSON object : View

Products Affected

motorola

ace1000_firmware
ace1000

CWE

CWE-345

Insufficient Verification of Data Authenticity

{"id": "CVE-2022-30269", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-07-26T23:15:08.097", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-06", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "https://www.forescout.com/blog/", "tags": ["Not Applicable"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-345"}]}], "descriptions": [{"lang": "en", "value": "Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software, the C toolkit, or the ACE1000 Easy Configurator. In the case of the Easy Configurator, application images (as PLX/DAT/APP/CRC files) are uploaded via the Web UI. In case of the C toolkit, they are transferred and installed using SFTP/SSH. In each case, application images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks."}, {"lang": "es", "value": "Motorola ACE1000 RTUs versiones hasta 02-05-2022, manejan inapropiadamente la integridad de las aplicaciones. Permiten la instalaci\u00f3n de aplicaciones personalizadas por medio del software STS, el kit de herramientas C o el ACE1000 Easy Configurator. En el caso del Easy Configurator, las im\u00e1genes de las aplicaciones (como archivos PLX/DAT/APP/CRC) son cargadas por medio de la Interfaz de Usuario Web. En el caso del kit de herramientas C, son transferidas e instaladas mediante SFTP/SSH. En cada caso, las im\u00e1genes de la aplicaci\u00f3n no ten\u00edan autenticaci\u00f3n (en forma de firma de firmware) y s\u00f3lo eran basadas en sumas de comprobaci\u00f3n no seguras para las comprobaciones de integridad peri\u00f3dicas"}], "lastModified": "2022-08-02T20:03:02.587", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:motorola:ace1000_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D94120E5-38DE-44EF-B1D6-C418DC816D25"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:motorola:ace1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D16356CC-9056-4675-8DBE-EF395A5529E8"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}