How severe is CVE-2022-30269?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2022-30269?

This is classified as CWE-345, which is a common weakness in software security.

CVE-2022-30269 - HIGH Severity | CVSS 8.8

Vulnerability Description

Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software, the C toolkit, or the ACE1000 Easy Configurator. In the case of the Easy Configurator, application images (as PLX/DAT/APP/CRC files) are uploaded via the Web UI. In case of the C toolkit, they are transferred and installed using SFTP/SSH. In each case, application images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks.

Related Vulnerabilities

CVE-2015-8371

HIGH

CVSS:8.8(High)

Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because of...

CWE-3452015

CVE-2018-7932

HIGH

CVSS:8.8(High)

Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page...

CWE-3452018

CVE-2019-1000012

HIGH

CVSS:8.8(High)

Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code executio...

CWE-3452019

CVE-2019-1000013

HIGH

CVSS:8.8(High)

Hex package manager hex_core version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code exe...

CWE-3452019

CVE-2019-17654

HIGH

CVSS:8.8(High)

An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) ...

CWE-3452019

CVE-2020-12406

HIGH

CVSS:8.8(High)

Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code...

CWE-3452020