PT-2022-3091 · Motorola · Motorola Ace1000 Rtu

Daniel Dos Santos +1 · Published 2022-06-22 · Updated 2022-08-02 · CVE-2022-30274

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Motorola ACE1000 RTU versions prior to 2022-05-02

Description

The issue is related to the use of hardcoded credentials in the XRT LAN-to-radio gateway and XNL microcode software of the Motorola ACE1000 RTU. This allows a remote attacker to gain unauthorized access to protected information. The Motorola ACE1000 RTU uses ECB encryption unsafely, storing credentials encrypted with the Tiny Encryption Algorithm (TEA) in ECB mode using a hardcoded key. This affects communication with the XRT LAN-to-radio gateway and authentication to the XNL port.

Recommendations

For Motorola ACE1000 RTU versions prior to 2022-05-02, consider disabling the use of hardcoded credentials for the XRT LAN-to-radio gateway and XNL port until a patch is available. Restrict access to the XNL port to minimize the risk of exploitation. Avoid using the hardcoded key for TEA encryption in ECB mode until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
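
The Description above says credentials are stored with TEA in ECB mode under a fixed key. The following added example (not Motorola's code and not part of the advisory) shows why that is unsafe and gives a check an auditor can run on stored blobs: with one key and no IV, equal 8-byte plaintext blocks always produce equal ciphertext blocks. The key, the sample credential strings and the function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define TEA_BLOCK 8            /* TEA operates on 64-bit blocks */
#define TEA_DELTA 0x9E3779B9u
/* Reference TEA block encryption (32 rounds), in place on two 32-bit words. */
static void tea_encrypt_block(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; i++) {
        sum += TEA_DELTA;
        v0 += ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
        v1 += ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
    }
    v[0] = v0; v[1] = v1;
}

/* ECB: every block is encrypted independently with the same key, no IV. */
static void tea_ecb_encrypt(uint8_t *buf, size_t len, const uint32_t k[4]) {
    for (size_t off = 0; off + TEA_BLOCK <= len; off += TEA_BLOCK) {
        uint32_t v[2];
        memcpy(v, buf + off, TEA_BLOCK);
        tea_encrypt_block(v, k);
        memcpy(buf + off, v, TEA_BLOCK);
    }
}

/* Audit check: count pairs of byte-identical 8-byte blocks in a ciphertext. */
static int count_repeated_blocks(const uint8_t *ct, size_t len) {
    int repeats = 0;
    for (size_t i = 0; i + TEA_BLOCK <= len; i += TEA_BLOCK)
        for (size_t j = i + TEA_BLOCK; j + TEA_BLOCK <= len; j += TEA_BLOCK)
            if (memcmp(ct + i, ct + j, TEA_BLOCK) == 0)
                repeats++;
    return repeats;
}

/* Encrypt a 24-byte constructed credential under a constructed fixed key
 * (not the device key) and report how many block pairs repeat. */
static int demo_repeats(const char *plain24) {
    static const uint32_t key[4] = {0x01234567u, 0x89ABCDEFu, 0xFEDCBA98u, 0x76543210u};
    uint8_t buf[24];
    memcpy(buf, plain24, sizeof buf);
    tea_ecb_encrypt(buf, sizeof buf, key);
    return count_repeated_blocks(buf, sizeof buf);
}

int main(void) {
    printf("repeated blocks: %d\n", demo_repeats("operatoroperator12345678"));
    return 0;
}
```

A nonzero count on stored credential data indicates deterministic per-block encryption; a mode with a fresh random IV or nonce per record and a per-device key removes both the repetition and the shared secret.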

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2022-03761
CVE-2022-30274

Affected Products

Motorola Ace1000 Rtu