Lucene search
+L

45 matches found

Prion
Prion
added 2022/07/26 11:15 p.m.25 views

Default credentials

The Motorola ACE1000 RTU through 2022-05-02 has default credentials. It exposes an SSH interface on port 22/TCP. This interface is used for remote maintenance and for SFTP file-transfer operations that are part of engineering software functionality. Access to this interface is controlled by 5...

7.5CVSS9.4AI score0.00768EPSS
Exploits0References2
Prion
Prion
added 2022/07/26 11:15 p.m.23 views

Design/Logic Flaw

Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software, the C toolkit, or the ACE1000 Easy Configurator. In the case of the Easy Configurator, application images as PLX/DAT/APP/CRC files are uploaded via the...

6.5CVSS9.3AI score0.00392EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/07/26 10:11 p.m.28 views

CVE-2022-30269

Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software, the C toolkit, or the ACE1000 Easy Configurator. In the case of the Easy Configurator, application images as PLX/DAT/APP/CRC files are uploaded via the...

9.2AI score0.00392EPSS
Exploits0References2
CVE
CVE
added 2022/07/26 10:11 p.m.105 views

CVE-2022-30269

Motorola ACE1000 RTUs up to 2022-05-02 are affected by CVE-2022-30269: the ACE1000 allows custom application installation via STS, the C Toolkit, or the Easy Configurator, with images uploaded via Web UI or transferred via SFTP/SSH. The vulnerability stems from missing firmware signing/authentica...

8.8CVSS8.9AI score0.00392EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/07/26 10:11 p.m.25 views

CVE-2022-30270

The Motorola ACE1000 RTU through 2022-05-02 has default credentials. It exposes an SSH interface on port 22/TCP. This interface is used for remote maintenance and for SFTP file-transfer operations that are part of engineering software functionality. Access to this interface is controlled by 5...

9.7AI score0.00768EPSS
Exploits0References2
CVE
CVE
added 2022/07/26 10:11 p.m.96 views

CVE-2022-30270

The ACE1000 RTU (Motorola Solutions) is affected by CVE-2022-30270 due to hard-coded default SSH credentials for five accounts (root, abuilder, acelogin, cappl, ace) used to control SSH on port 22. This enables remote maintenance access and SFTP operations, with documented accounts some not being...

9.8CVSS9.3AI score0.00768EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/07/26 10:11 p.m.95 views

CVE-2022-30271

The CVE-2022-30271 entry concerns Motorola Solutions ACE1000 RTU (through 2022-05-02) shipping with a hardcoded SSH private key. Red Hat and CISA advisories confirm the root cause: the initialization scripts (e.g., /etc/init.d/sshd_service) do not generate a new key if a private-key file exists, ...

9.8CVSS9.3AI score0.00874EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/07/26 10:11 p.m.25 views

CVE-2022-30271

The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts such as /etc/init.d/sshdservice only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default...

6.8AI score0.00874EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/07/26 10:11 p.m.33 views

CVE-2022-30271

The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts such as /etc/init.d/sshdservice only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default...

9.6AI score0.00874EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/07/26 10:10 p.m.32 views

CVE-2022-30272

The Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integrity. It utilizes either the STS software suite or ACE1000 Easy Configurator for performing firmware updates. In case of the Easy Configurator, firmware updates are performed through access to the Web UI where file system, kerne...

7.4AI score0.00389EPSS
Exploits0References2
CVE
CVE
added 2022/07/26 10:10 p.m.86 views

CVE-2022-30272

The ACE1000 RTU (Motorola Solutions) is affected by CVE-2022-30272. Firmware updates performed via ACE1000 Easy Configurator (Web UI) or via SSH for the FEP module lack authentication and rely on insecure checksums for integrity checks, enabling potential manipulation of firmware images. This cou...

7.2CVSS7.1AI score0.00389EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/07/26 10:6 p.m.89 views

CVE-2022-30274

The CVE-2022-30274 vulnerability affects the Motorola ACE1000 RTU (up to 2022-05-02). Root cause: use of TEA in ECB mode with a hardcoded key to protect credentials for the XRT LAN-to-radio gateway and for authenticating to the XNL port, enabling potential manipulation of device configuration. Do...

9.8CVSS9.4AI score0.00544EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/07/26 10:6 p.m.25 views

CVE-2022-30274

The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm TEA in ECB mode using a hardcode...

9.7AI score0.00544EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/07/12 12:0 a.m.53 views

Oracle Linux 8 : ol8addon (ELSA-2022-17957)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-17957 advisory. - Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larg...

8.8CVSS7.5AI score0.02057EPSS
Exploits1References5
ICS
ICS
added 2022/06/28 12:0 a.m.90 views

Motorola Solutions ACE1000

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Motorola Solutions Equipment: ACE1000 Vulnerabilities: Use of Hard-coded Cryptographic Key, Use of Hard-coded Credentials, Insufficient Verification of Data Authenticity CISA is aware of a public report...

9.8CVSS10AI score0.00874EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/28 12:0 a.m.5 views

Motorola Solutions ACE1000 信任管理问题漏洞

The Motorola Solutions ACE1000 is a Remote Terminal Unit from Motorola Solutions USA. A security vulnerability exists in the Motorola Solutions ACE1000 RTU version, which stems from a hard-coded SSH private key shipped with the affected product, and can be exploited by an attacker to manipulate...

9.8CVSS8.3AI score0.00874EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/06/28 12:0 a.m.21 views

Motorola Solutions ACE1000 数据伪造问题漏洞

The Motorola Solutions ACE1000 is a remote terminal unit from Motorola Solutions USA. A data forgery vulnerability exists in the Motorola Solutions ACE1000 version that originates from allowing custom applications to be installed via the STS software, the C Toolkit, or the ACE1000 Easy...

8.8CVSS8.6AI score0.00392EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/06/28 12:0 a.m.5 views

Motorola Solutions ACE1000 信任管理问题漏洞

The Motorola Solutions ACE1000 is a Remote Terminal Unit RTU from Motorola Solutions USA. A security vulnerability exists in the Motorola Solutions ACE1000 RTU version that originates from communication with the XRT LAN to the radio gateway via an embedded client, where access credentials to this...

9.8CVSS8.3AI score0.00544EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2022/06/27 12:0 a.m.21 views

The vulnerability of the microprogrammed logic controllers ACE1000, related to the use of rigidly encrypted account data for five SSH accounts, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the microprogrammed logic controllers ACE1000 relates to the use of rigidly encoded credentials for five SSH accounts. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

10CVSS5.5AI score0.00768EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/06/27 12:0 a.m.12 views

The vulnerability of the embedded images of microprogrammed logic controllers ACE1000 allows a hacker to execute arbitrary code.

The vulnerability of embedded images of microprogrammed logic controllers ACE1000 is related to deficiencies in the algorithm for calculating the check sum. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

10CVSS5.8AI score0.00389EPSS
Exploits0References2
Rows per page
Query Builder