CVE-2022-30274
CRITICALMotorola ACE1000 RTU - Use of Hard-coded Credentials in TEA ECB Encryption
Title source: llmDescription
The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm (TEA) in ECB mode using a hardcoded key. Similarly, the ACE1000 RTU can route MDLC traffic over Extended Command and Management Protocol (XCMP) and Network Layer (XNL) networks via the MDLC driver. Authentication to the XNL port is protected by TEA in ECB mode using a hardcoded key.
References (2)
Core 2
Core References
Not Applicable x_refsource_misc
https://www.forescout.com/blog/
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-06
Scores
CVSS v3
9.8
EPSS
0.0052
EPSS Percentile
39.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (1)
motorola/ace1000_firmware
Published
Jul 26, 2022
Tracked Since
Feb 18, 2026