What is CVE-2022-30269?

CVE-2022-30269 is a vulnerability that affects Motorola ACE1000 RTUs through 2022-05-02 and mishandles application integrity.

How does CVE-2022-30269 impact Motorola ACE1000 RTUs?

CVE-2022-30269 allows for custom application installation via STS software, C toolkit, or the ACE1000 Easy Configurator, potentially compromising the integrity of the system.

Which software versions are affected by CVE-2022-30269?

Motorola Ace1000 Firmware versions through 2022-05-02 are affected by CVE-2022-30269.

How can CVE-2022-30269 be exploited?

CVE-2022-30269 can be exploited by uploading malicious application images (PLX/DAT/APP/CRC files) through the ACE1000 Easy Configurator.

Is there a fix for CVE-2022-30269?

Motorola has not released a patch or mitigation for CVE-2022-30269. It is recommended to follow the guidance provided by US-CERT and monitor for updates from the vendor.

Vulnerability/
CVE-2022-30269

high

8.8

CWE

345

26/7/2022

3/8/2024

CVE-2022-30269

First published: Tue Jul 26 2022(Updated: )

Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software, the C toolkit, or the ACE1000 Easy Configurator. In the case of the Easy Configurator, application images (as PLX/DAT/APP/CRC files) are uploaded via the Web UI. In case of the C toolkit, they are transferred and installed using SFTP/SSH. In each case, application images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Motorola Ace1000 Firmware
Motorola ACE1000
Motorola Solutions ACE1000

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-22-179-06

Frequently Asked Questions

What is CVE-2022-30269?
CVE-2022-30269 is a vulnerability that affects Motorola ACE1000 RTUs through 2022-05-02 and mishandles application integrity.
How does CVE-2022-30269 impact Motorola ACE1000 RTUs?
CVE-2022-30269 allows for custom application installation via STS software, C toolkit, or the ACE1000 Easy Configurator, potentially compromising the integrity of the system.
Which software versions are affected by CVE-2022-30269?
Motorola Ace1000 Firmware versions through 2022-05-02 are affected by CVE-2022-30269.
How can CVE-2022-30269 be exploited?
CVE-2022-30269 can be exploited by uploading malicious application images (PLX/DAT/APP/CRC files) through the ACE1000 Easy Configurator.
Is there a fix for CVE-2022-30269?
Motorola has not released a patch or mitigation for CVE-2022-30269. It is recommended to follow the guidance provided by US-CERT and monitor for updates from the vendor.

collector/nvd-index
agent/type
agent/last-modified-date
agent/first-publish-date
agent/weakness
agent/severity
agent/references
agent/author
agent/description
agent/event
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/tags
agent/softwarecombine
collector/mitre-cve
source/MITRE
vendor/motorola
canonical/motorola ace1000 firmware
canonical/motorola ace1000
vendor/motorola solutions
canonical/motorola solutions ace1000

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.