Motorola Solutions MOSCAD IP and ACE IP Gateways

Monitor7.5ICS-CERT ICSA-22-179-04Jun 28, 2022

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Motorola MOSCAD IPGW and ACE IP gateway (CPU 4600) are vulnerable to unauthenticated configuration modification. An attacker on the network can send requests to the gateway management interface and alter configuration without providing credentials or valid authorization. This affects all versions of both products. Successful exploitation allows an attacker to change device settings that control how the gateway communicates with SCADA systems, potentially disrupting or redirecting industrial process commands. Motorola Solutions has not released firmware patches and does not plan to fix these devices. Mitigation requires network isolation and firewall rules to restrict management access to only authorized SCADA servers.

What this means

What could happen

An attacker with network access to the gateway could modify device configuration, potentially altering SCADA communication settings, firewall rules, or operational parameters that control industrial processes.

Who's at risk

Water utilities and electric utilities using Motorola MOSCAD IPGW (IP gateway for MOSCAD RTUs) or ACE IP gateway (CPU 4600) for SCADA communication. These are legacy industrial network bridges commonly found in municipal and regional utility control systems.

How it could be exploited

An attacker on the network sends an unauthenticated request to the gateway's management interface to change configuration settings. The gateway accepts the request without validating the source or requiring credentials, allowing the attacker to alter critical parameters that affect SCADA operations.

Prerequisites

Network access to the MOSCAD IPGW or ACE IP gateway (CPU 4600) on port 80 or management interface
No credentials required
Default or misconfigured gateway exposed to untrusted network segments

No vendor patch availableRemotely exploitableNo authentication requiredLow complexity to exploitAffects SCADA gateway—critical for plant operations

Exploitability

Low exploit probability (EPSS 0.3%)

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

ACE IP gateway (CPU 4600): All versionsAll versionsNo fix (EOL)

MOSCAD IP gateway (IPGW): All versionsAll versionsNo fix (EOL)

Remediation & Mitigation

0/5

Do now

0/4

MOSCAD IP gateway (IPGW): All versions

HARDENINGImplement a dedicated, isolated LAN between SCADA master and the IPGW; do not share this network with business systems or untrusted devices

HARDENINGFor MOSCAD IPGW: Deploy an external firewall to restrict inbound traffic to only the SCADA server IP address and block all other sources

ACE IP gateway (CPU 4600): All versions

HARDENINGFor ACE IP gateway (CPU 4600): Enable and configure the built-in firewall to allow traffic only from the SCADA server; block all other inbound connections

All products

HARDENINGEnsure the gateway is not reachable from the Internet or business network; place it behind a firewall and in a separate network segment from corporate systems

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGIf remote access to the gateway is necessary, use a VPN with current patches and strong authentication; avoid direct Internet exposure

CVEs (1)

CVE-2022-30276

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d0e4393a-55ca-4e84-ada1-ed577c79f632