Authentication Bypass in Motorola MOSCAD and ACE RTUs by Motorola
CVE-2022-30276

7.5HIGH

Key Information:

Vendor: Motorola
Status: Moscad Ip Gateway Firmware
Vendor: CVE Published:; 26 July 2022

What is CVE-2022-30276?

Motorola MOSCAD and ACE line of RTUs present a significant security flaw due to the omission of an authentication requirement for their IP Gateway modules. This vulnerability allows attackers with access to the gateway's port, using the proprietary IPGW protocol, to interact with backend RTUs without any authentication, potentially leading to unauthorized control and manipulation of critical functionality. It is essential for users to assess the risks and implement possible mitigations to secure their systems.

References

https://www.forescout.com/blog/

x_refsource_MISC

https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-04

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 26, 2022
Vulnerability Reserved
May 4, 2022