CVE-2022-30276
First published: Tue Jul 26 2022(Updated: )
The Motorola MOSCAD and ACE line of RTUs through 2022-05-02 omit an authentication requirement. They feature IP Gateway modules which allow for interfacing between Motorola Data Link Communication (MDLC) networks (potentially over a variety of serial, RF and/or Ethernet links) and TCP/IP networks. Communication with RTUs behind the gateway is done by means of the proprietary IPGW protocol (5001/TCP). This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Motorola Moscad Ip Gateway Firmware | ||
| Motorola Moscad Ip Gateway | ||
| Motorola Ace Ip Gateway \(4600\) Firmware | ||
| Motorola Ace Ip Gateway \(4600\) | ||
| All of | ||
| Motorola Moscad Ip Gateway Firmware | ||
| Motorola Moscad Ip Gateway | ||
| All of | ||
| Motorola Ace Ip Gateway \(4600\) Firmware | ||
| Motorola Ace Ip Gateway \(4600\) | ||
| Motorola Solutions CRITICAL INFRASTRUCTURE SECTORS: Multiple | ||
| Motorola Solutions COUNTRIES/AREAS DEPLOYED: Worldwide | ||
| Motorola Solutions COMPANY HEADQUARTERS LOCATION: United States |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-30276?
CVE-2022-30276 is a vulnerability in the Motorola MOSCAD and ACE line of RTUs that allows unauthorized access due to the omission of an authentication requirement.
How does CVE-2022-30276 impact systems?
CVE-2022-30276 allows attackers to gain unauthorized access to the affected systems.
What is the severity of CVE-2022-30276?
CVE-2022-30276 has a severity rating of 7.5 (high).
Which software is affected by CVE-2022-30276?
CVE-2022-30276 affects the Motorola MOSCAD and ACE line of RTUs with specific firmware versions.
How can CVE-2022-30276 be fixed?
To mitigate CVE-2022-30276, it is recommended to apply the necessary firmware updates provided by Motorola.
- collector/nvd-index
- agent/type
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup-request
- vendor/motorola
- canonical/motorola moscad ip gateway firmware
- canonical/motorola moscad ip gateway
- canonical/motorola ace ip gateway \(4600\) firmware
- canonical/motorola ace ip gateway \(4600\)
- vendor/motorola solutions
- canonical/motorola solutions critical infrastructure sectors: multiple
- canonical/motorola solutions countries/areas deployed: worldwide
- canonical/motorola solutions company headquarters location: united states