Vulnerability Details : CVE-2022-30273
The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm (TEA) block-cipher in ECB mode. This mode of operation does not offer message integrity and offers reduced confidentiality above the block level, as demonstrated by an ECB Penguin attack against any block ciphers.
Products affected by CVE-2022-30273
- cpe:2.3:a:motorolasolutions:mdlc:4.80.0024:*:*:*:*:*:*:*
- cpe:2.3:a:motorolasolutions:mdlc:4.82.004:*:*:*:*:*:*:*
- cpe:2.3:a:motorolasolutions:mdlc:4.83.001:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-30273
0.19%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 57 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-30273
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2022-30273
-
The product uses a broken or risky cryptographic algorithm or protocol.Assigned by: nvd@nist.gov (Primary)
-
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-30273
-
https://www.forescout.com/blog/
Blog - ForescoutNot Applicable;Third Party Advisory
-
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
Block cipher mode of operation - WikipediaThird Party Advisory
-
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-05
Motorola Solutions MDLC | CISAMitigation;Third Party Advisory;US Government Resource
Jump to