CVE-2022-30271

Name of the Vulnerable Software and Affected Versions Motorola ACE1000 RTU through 2022-05-02

Description The issue is related to the use of hardcoded SSH credentials. This could allow a remote attacker to gain unauthorized access to protected information. The hardcoded SSH private key is likely to be used by default due to the initialization scripts, such as /etc/init.d/sshd service, only generating a new key if no private-key file exists.

Recommendations For Motorola ACE1000 RTU through 2022-05-02, consider regenerating the SSH private key to prevent the use of the hardcoded key. As a temporary workaround, restrict access to the SSH service until a more permanent solution can be applied.