Details of VAR-202206-2145

ID

VAR-202206-2145

CVE

CVE-2022-30276

TITLE

Motorola Solutions, Inc of MOSCAD IP Gateway firmware and ace ip gateway (4600) Vulnerability related to lack of authentication for critical functions in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-014111

DESCRIPTION

The Motorola MOSCAD and ACE line of RTUs through 2022-05-02 omit an authentication requirement. They feature IP Gateway modules which allow for interfacing between Motorola Data Link Communication (MDLC) networks (potentially over a variety of serial, RF and/or Ethernet links) and TCP/IP networks. Communication with RTUs behind the gateway is done by means of the proprietary IPGW protocol (5001/TCP). This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality. Motorola Solutions, Inc of MOSCAD IP Gateway firmware and ace ip gateway (4600) Firmware has a lack of authentication vulnerability for critical functionality.Information may be tampered with

Trust: 1.71

sources: NVD: CVE-2022-30276 // JVNDB: JVNDB-2022-014111 // VULMON: CVE-2022-30276

IOT TAXONOMY

category:

['network device']

sub_category:

gateway

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	motorola	model:	moscad ip gateway	scope:	eq	version:	*	Trust: 1.0
vendor:	motorola	model:	ace ip gateway \	scope:	eq	version:	*	Trust: 1.0
vendor:	motorola	model:	ace ip gateway	scope:	-	version:	-	Trust: 0.8
vendor:	motorola	model:	moscad ip gateway	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-014111 // NVD: CVE-2022-30276

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-30276
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-30276
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202206-2677
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-30276
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-30276
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-014111 // CNNVD: CNNVD-202206-2677 // NVD: CVE-2022-30276

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.0
problemtype:	Lack of authentication for critical features (CWE-306) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-014111 // NVD: CVE-2022-30276

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-2677

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202206-2677

PATCH

title:	Motorola Solutions MOSCAD IP Gateway and ACE IP Gateway Fixes for access control error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=203710	Trust: 0.6
title:	The Register	url:	https://www.theregister.co.uk/2022/06/21/56_vulnerabilities_critical_industrial/	Trust: 0.1

sources: VULMON: CVE-2022-30276 // CNNVD: CNNVD-202206-2677

EXTERNAL IDS

db:	NVD	id:	CVE-2022-30276	Trust: 3.4
db:	ICS CERT	id:	ICSA-22-179-04	Trust: 2.5
db:	JVNDB	id:	JVNDB-2022-014111	Trust: 0.8
db:	CS-HELP	id:	SB2022062919	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3142	Trust: 0.6
db:	CNNVD	id:	CNNVD-202206-2677	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2022-30276	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2022-30276 // JVNDB: JVNDB-2022-014111 // CNNVD: CNNVD-202206-2677 // NVD: CVE-2022-30276

REFERENCES

url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-04	Trust: 2.5
url:	https://www.forescout.com/blog/	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-30276	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2022062919	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3142	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-30276/	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-179-04	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2022-30276 // JVNDB: JVNDB-2022-014111 // CNNVD: CNNVD-202206-2677 // NVD: CVE-2022-30276

CREDITS

Daniel dos Santos and Jos Wetzels from Forescout Technologies reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202206-2677

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2022-30276
db:	JVNDB	id:	JVNDB-2022-014111
db:	CNNVD	id:	CNNVD-202206-2677
db:	NVD	id:	CVE-2022-30276

LAST UPDATE DATE

2025-01-30T20:41:49.875000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-014111	date:	2023-09-14T08:12:00
db:	CNNVD	id:	CNNVD-202206-2677	date:	2022-08-10T00:00:00
db:	NVD	id:	CVE-2022-30276	date:	2024-02-13T16:25:57.067

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-014111	date:	2023-09-14T00:00:00
db:	CNNVD	id:	CNNVD-202206-2677	date:	2022-06-28T00:00:00
db:	NVD	id:	CVE-2022-30276	date:	2022-07-26T23:15:08.293