{"vulnerability": "CVE-2022-3027", "sightings": [{"uuid": "84c54e56-d600-476c-8a66-fbf4b23398cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3027", "type": "seen", "source": "https://t.me/cibsecurity/49646", "content": "\u203c CVE-2022-3027 \u203c\n\nThe CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters that, when the device attempts connecting to the malicious SSID, the device can be exploited to write arbitrary files or display incorrect information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-13T18:25:28.000000Z"}, {"uuid": "bf57133b-6fc8-41a3-94eb-743a4e9d381d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30270", "type": "seen", "source": "https://t.me/cibsecurity/47044", "content": "\u203c CVE-2022-30270 \u203c\n\nThe Motorola ACE1000 RTU through 2022-05-02 has default credentials. It exposes an SSH interface on port 22/TCP. This interface is used for remote maintenance and for SFTP file-transfer operations that are part of engineering software functionality. Access to this interface is controlled by 5 preconfigured accounts (root, abuilder, acelogin, cappl, ace), all of which come with default credentials. Although the ACE1000 documentation mentions the root, abuilder and acelogin accounts and instructs users to change the default credentials, the cappl and ace accounts remain undocumented and thus are unlikely to have their credentials changed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T02:41:39.000000Z"}, {"uuid": "85071ef5-8892-4dc9-b6ce-5b30fb5c9718", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30276", "type": "seen", "source": "https://t.me/cibsecurity/47041", "content": "\u203c CVE-2022-30276 \u203c\n\nThe Motorola MOSCAD and ACE line of RTUs through 2022-05-02 omit an authentication requirement. They feature IP Gateway modules which allow for interfacing between Motorola Data Link Communication (MDLC) networks (potentially over a variety of serial, RF and/or Ethernet links) and TCP/IP networks. Communication with RTUs behind the gateway is done by means of the proprietary IPGW protocol (5001/TCP). This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T02:41:33.000000Z"}, {"uuid": "a216b9cf-8f0c-4bf6-ba81-254df3460e84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30272", "type": "seen", "source": "https://t.me/cibsecurity/47039", "content": "\u203c CVE-2022-30272 \u203c\n\nThe Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integrity. It utilizes either the STS software suite or ACE1000 Easy Configurator for performing firmware updates. In case of the Easy Configurator, firmware updates are performed through access to the Web UI where file system, kernel, package, bundle, or application images can be installed. Firmware updates for the Front End Processor (FEP) module are performed via access to the SSH interface (22/TCP), where a .hex file image is transferred and a bootloader script invoked. File system, kernel, package, and bundle updates are supplied as RPM (RPM Package Manager) files while FEP updates are supplied as S-rec files. In all cases, firmware images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T02:41:31.000000Z"}, {"uuid": "4045850d-0d17-43b4-b90c-df347f1ed4e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30274", "type": "seen", "source": "https://t.me/cibsecurity/47036", "content": "\u203c CVE-2022-30274 \u203c\n\nThe Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm (TEA) in ECB mode using a hardcoded key. Similarly, the ACE1000 RTU can route MDLC traffic over Extended Command and Management Protocol (XCMP) and Network Layer (XNL) networks via the MDLC driver. Authentication to the XNL port is protected by TEA in ECB mode using a hardcoded key.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T02:41:26.000000Z"}, {"uuid": "dd8106cc-b9a8-433c-bc02-693a397dd94b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30271", "type": "seen", "source": "https://t.me/cibsecurity/47043", "content": "\u203c CVE-2022-30271 \u203c\n\nThe Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts (such as /etc/init.d/sshd_service) only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T02:41:35.000000Z"}, {"uuid": "c5ddd623-1157-4685-8384-37adf96b8fc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30273", "type": "seen", "source": "https://t.me/cibsecurity/47048", "content": "\u203c CVE-2022-30273 \u203c\n\nThe Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm (TEA) block-cipher in ECB mode. This mode of operation does not offer message integrity and offers reduced confidentiality above the block level, as demonstrated by an ECB Penguin attack against any block ciphers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T02:41:42.000000Z"}, {"uuid": "515a4ddb-6122-47c5-989e-9cc49b999e24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30277", "type": "seen", "source": "https://t.me/cibsecurity/43688", "content": "\u203c CVE-2022-30277 \u203c\n\nBD Synapsys\u00e2\u201e\u00a2, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-02T18:35:44.000000Z"}, {"uuid": "bc53962f-6fdd-4094-bb44-6bc506337038", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30279", "type": "seen", "source": "https://t.me/cibsecurity/42492", "content": "\u203c CVE-2022-30279 \u203c\n\nAn issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a firmware crash.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-12T18:36:08.000000Z"}]}