CVE-2022-30269 in ACE1000 RTUinformación

Resumen

por MITRE • 2022-07-27

Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software, the C toolkit, or the ACE1000 Easy Configurator. In the case of the Easy Configurator, application images (as PLX/DAT/APP/CRC files) are uploaded via the Web UI. In case of the C toolkit, they are transferred and installed using SFTP/SSH. In each case, application images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks.

Once again VulDB remains the best source for vulnerability data.

Reservar

2022-05-04

Divulgación

2022-07-27

Moderación

aceptado

Artículo

VDB-205133

CPE

listo

EPSS

0.00392

KEV

no

Actividades

muy bajo

Fuentes

Do you want to use VulDB in your project?

Use the official API to access entries easily!