CVE-2022-30273
Last modified
CVE-2022-30273 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. EPSS estimates a 0.31% chance of exploitation in the next 30 days.
Description
The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm (TEA) block-cipher in ECB mode. This mode of operation does not offer message integrity and offers reduced confidentiality above the block level, as demonstrated by an ECB Penguin attack against any block ciphers.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Motorolasolutions | Mdlc | 4.80.0024 |
| Motorolasolutions | Mdlc | 4.82.004 |
| Motorolasolutions | Mdlc | 4.83.001 |
References
- https://en.wikipedia.org/wiki/Block_cipher_mode_of_operationThird Party Advisory
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-05Mitigation, Third Party Advisory, US Government Resource
- https://www.forescout.com/blog/Not Applicable, Third Party Advisory
- https://en.wikipedia.org/wiki/Block_cipher_mode_of_operationThird Party Advisory
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-05Mitigation, Third Party Advisory, US Government Resource
- https://www.forescout.com/blog/Not Applicable, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-30273?
How severe is CVE-2022-30273?
How do I fix CVE-2022-30273?
Are you affected by CVE-2022-30273?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST