CVE-2022-30273

The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm (TEA) block-cipher in ECB mode. This mode of operation does not offer message integrity and offers reduced confidentiality above the block level, as demonstrated by an ECB Penguin attack against any block ciphers.

CVSS v3.0 9.8 CRITICAL

9.8^/10

CVSS v3.0 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.forescout.com/blog/	Not Applicable Third Party Advisory
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation	Third Party Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-05	Mitigation Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:motorolasolutions:mdlc:4.80.0024:::::::*
	cpe:2.3:a:motorolasolutions:mdlc:4.82.004:::::::*
	cpe:2.3:a:motorolasolutions:mdlc:4.83.001:::::::*

History

14 Feb 2024, 16:10

Type	Values Removed	Values Added
References	~~(MISC) https://www.forescout.com/blog/ - Third Party Advisory~~	(MISC) https://www.forescout.com/blog/ - Not Applicable, Third Party Advisory

08 Aug 2023, 14:22

Type	Values Removed	Values Added
CWE		CWE-345

Information

Published : 2022-07-26 22:15

Updated : 2024-02-14 16:10

NVD link : CVE-2022-30273

Mitre link : CVE-2022-30273

JSON object : View

Products Affected

motorolasolutions

mdlc

CWE

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

CWE-345

Insufficient Verification of Data Authenticity

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.forescout.com/blog/", "name": "https://www.forescout.com/blog/", "tags": ["Not Applicable", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation", "name": "https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-05", "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-05", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm (TEA) block-cipher in ECB mode. This mode of operation does not offer message integrity and offers reduced confidentiality above the block level, as demonstrated by an ECB Penguin attack against any block ciphers."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-345"}, {"lang": "en", "value": "CWE-327"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-30273", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2022-07-26T22:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:motorolasolutions:mdlc:4.80.0024:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:motorolasolutions:mdlc:4.82.004:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:motorolasolutions:mdlc:4.83.001:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-02-14T16:10Z"}