Unrated severityNVD Advisory· Published Jul 26, 2022· Updated Aug 3, 2024
CVE-2022-30269
CVE-2022-30269
Description
Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software, the C toolkit, or the ACE1000 Easy Configurator. In the case of the Easy Configurator, application images (as PLX/DAT/APP/CRC files) are uploaded via the Web UI. In case of the C toolkit, they are transferred and installed using SFTP/SSH. In each case, application images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Motorola/ACE1000 RTUsdescription
- Range: <= 2022-05-02
Patches
Vulnerability mechanics
References
2- www.cisa.gov/uscert/ics/advisories/icsa-22-179-06mitrex_refsource_MISC
- www.forescout.com/blog/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.