CVE-2022-30276

Name of the Vulnerable Software and Affected Versions Motorola MOSCAD and ACE line of RTUs through 2022-05-02

Description The issue concerns the omission of an authentication requirement in the Motorola MOSCAD and ACE line of RTUs. These devices feature IP Gateway modules that allow for communication between Motorola Data Link Communication (MDLC) networks and TCP/IP networks using the proprietary IPGW protocol on port 5001/TCP. This protocol lacks authentication features, enabling any attacker who can communicate with the port to invoke desired functionality.

Recommendations For Motorola MOSCAD and ACE line of RTUs through 2022-05-02, consider disabling the IPGW protocol on port 5001/TCP as a temporary workaround until a patch is available. Restrict access to the IP Gateway modules to minimize the risk of exploitation. Avoid using the IPGW protocol until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.