CVE-2022-30273

The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm (TEA) block-cipher in ECB mode. This mode of operation does not offer message integrity and offers reduced confidentiality above the block level, as demonstrated by an ECB Penguin attack against any block ciphers.

CVSS v3.0 9.8 CRITICAL

9.8^/10

CVSS v3.0 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.forescout.com/blog/	Third Party Advisory
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation	Third Party Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-05	Mitigation Third Party Advisory US Government Resource

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:motorolasolutions:mdlc:4.80.0024:::::::*
	cpe:2.3:a:motorolasolutions:mdlc:4.82.004:::::::*
	cpe:2.3:a:motorolasolutions:mdlc:4.83.001:::::::*

Information

Published : 2022-07-26 15:15

Updated : 2022-08-02 13:49

NVD link : CVE-2022-30273

Mitre link : CVE-2022-30273

JSON object : View

CWE

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

Advertisement

Products Affected

motorolasolutions

mdlc

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.forescout.com/blog/", "name": "https://www.forescout.com/blog/", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation", "name": "https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-05", "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-05", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm (TEA) block-cipher in ECB mode. This mode of operation does not offer message integrity and offers reduced confidentiality above the block level, as demonstrated by an ECB Penguin attack against any block ciphers."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-327"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-30273", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2022-07-26T22:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:motorolasolutions:mdlc:4.80.0024:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:motorolasolutions:mdlc:4.82.004:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:motorolasolutions:mdlc:4.83.001:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-08-02T20:49Z"}