What is the vulnerability ID for the Motorola ACE1000 RTU firmware mishandling?

The vulnerability ID for the Motorola ACE1000 RTU firmware mishandling is CVE-2022-30272.

What is the severity rating of CVE-2022-30272?

CVE-2022-30272 has a severity rating of 7.2 (high).

How does CVE-2022-30272 affect the Motorola Ace1000 Firmware?

CVE-2022-30272 affects the Motorola Ace1000 Firmware by mishandling firmware integrity.

How are firmware updates performed in the Motorola ACE1000 RTU?

Firmware updates in the Motorola ACE1000 RTU are performed either through the STS software suite or ACE1000 Easy Configurator.

What is the Common Weakness Enumeration (CWE) ID for CVE-2022-30272?

The Common Weakness Enumeration (CWE) ID for CVE-2022-30272 is CWE-345.

Vulnerability/
CVE-2022-30272

high

7.2

CWE

345

26/7/2022

3/8/2024

CVE-2022-30272

First published: Tue Jul 26 2022(Updated: )

The Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integrity. It utilizes either the STS software suite or ACE1000 Easy Configurator for performing firmware updates. In case of the Easy Configurator, firmware updates are performed through access to the Web UI where file system, kernel, package, bundle, or application images can be installed. Firmware updates for the Front End Processor (FEP) module are performed via access to the SSH interface (22/TCP), where a .hex file image is transferred and a bootloader script invoked. File system, kernel, package, and bundle updates are supplied as RPM (RPM Package Manager) files while FEP updates are supplied as S-rec files. In all cases, firmware images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Motorola Ace1000 Firmware
Motorola ACE1000
All of
Motorola Ace1000 Firmware
Motorola ACE1000
Motorola Solutions ACE1000

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-22-179-06

Frequently Asked Questions

What is the vulnerability ID for the Motorola ACE1000 RTU firmware mishandling?
The vulnerability ID for the Motorola ACE1000 RTU firmware mishandling is CVE-2022-30272.
What is the severity rating of CVE-2022-30272?
CVE-2022-30272 has a severity rating of 7.2 (high).
How does CVE-2022-30272 affect the Motorola Ace1000 Firmware?
CVE-2022-30272 affects the Motorola Ace1000 Firmware by mishandling firmware integrity.
How are firmware updates performed in the Motorola ACE1000 RTU?
Firmware updates in the Motorola ACE1000 RTU are performed either through the STS software suite or ACE1000 Easy Configurator.
What is the Common Weakness Enumeration (CWE) ID for CVE-2022-30272?
The Common Weakness Enumeration (CWE) ID for CVE-2022-30272 is CWE-345.

collector/nvd-index
agent/type
agent/first-publish-date
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/author
agent/weakness
agent/description
agent/event
agent/severity
agent/references
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup-request
agent/tags
agent/softwarecombine
collector/mitre-cve
source/MITRE
vendor/motorola
canonical/motorola ace1000 firmware
canonical/motorola ace1000
vendor/motorola solutions
canonical/motorola solutions ace1000

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.