ICSA-22-179-06 · Published 2022-06-28 · View on CISA ICS-CERT ↗

Motorola Solutions ACE1000

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to manipulate the RTU configuration, cause a denial-of-service condition, or achieve remote code execution.

CVEs (5)

CVE-2022-30271 CVE-2022-30270 CVE-2022-30274 CVE-2022-30269 CVE-2022-30272

Remediations

While individual remediation steps are specified, note all vulnerabilities listed above can be resolved by upgrading the ACE1000 to MC-EDGE intelligent RTU.
CVE-2022-30271: To remediate, manually rotate the private key using the “ACE1000 SSH Key Rotation” process.
For user guide and procedural information mentioned within this report, use the Contact Us form and select “Other” for Product Interest and request the manual for IoT products.
CVE-2022-30270: To remediate, users should change their password manually. This process can be found in the ACE1000 user guide.
CVE-2022-30274: Upgrade to MOTOTRBO Capacity Max.
CVE-2022-30269: To remediate, use the “Secured Download and Installation for ACE1000” procedure.
CVE-2022-30272: To remediate, use the “Secured Download and Installation for ACE1000” procedure.

Affected Vendors

Motorola Solutions

Affected Products (1)

Motorola Solutions · Motorola Solutions ACE1000 vers:all/*

Affected Sectors

Multiple

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more