Vulnerability Details : CVE-2022-30273
The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm (TEA) block cipher in ECB mode. This mode of operation does not offer message integrity and offers reduced confidentiality above the block level, as demonstrated by an ECB Penguin attack against any block cipher.
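The two properties named in the description, shown with textbook TEA in ECB mode next to a generic encrypt-then-MAC check. This is an added example, not Motorola's code or the MDLC frame format; the keys, the `FRAME` contents and the HMAC-SHA256 control are constructed assumptions and say nothing about how New Encryption mode works.

```python
import hashlib
import hmac
import struct

DELTA, MASK = 0x9E3779B9, 0xFFFFFFFF

def tea_encrypt_block(block, key):
    """Encrypt one 8-byte block with standard 32-cycle TEA (16-byte key)."""
    v0, v1 = struct.unpack(">2I", block)
    k, s = struct.unpack(">4I", key), 0
    for _ in range(32):
        s = (s + DELTA) & MASK
        v0 = (v0 + (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK
        v1 = (v1 + (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK
    return struct.pack(">2I", v0, v1)

def tea_decrypt_block(block, key):
    """Inverse of tea_encrypt_block: same rounds, run backwards."""
    v0, v1 = struct.unpack(">2I", block)
    k, s = struct.unpack(">4I", key), (DELTA * 32) & MASK
    for _ in range(32):
        v1 = (v1 - (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK
        v0 = (v0 - (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK
        s = (s - DELTA) & MASK
    return struct.pack(">2I", v0, v1)

def ecb(block_fn, data, key):
    """ECB: every 8-byte block is processed independently, with no chaining."""
    return b"".join(block_fn(data[i:i + 8], key) for i in range(0, len(data), 8))

def blocks(data):
    return [data[i:i + 8] for i in range(0, len(data), 8)]

# Constructed sample values; not real MDLC keys or frame contents.
ENC_KEY = bytes(range(16))
MAC_KEY = bytes(range(16, 48))
FRAME = b"PUMP=OFFVALVE=01PUMP=OFF"   # three 8-byte blocks, first == third

def tag(ciphertext):
    """Encrypt-then-MAC tag, shown only as a generic integrity control."""
    return hmac.new(MAC_KEY, ciphertext, hashlib.sha256).digest()

def demo():
    ct = blocks(ecb(tea_encrypt_block, FRAME, ENC_KEY))
    leaks_equality = ct[0] == ct[2]            # repeated plaintext is visible
    altered = b"".join([ct[1], ct[0], ct[2]])  # blocks reordered in transit
    recovered = ecb(tea_decrypt_block, altered, ENC_KEY)  # decrypts without error
    mac_rejects = not hmac.compare_digest(tag(b"".join(ct)), tag(altered))
    return leaks_equality, recovered, mac_rejects
```

The receiver of the ECB-only frame gets well-formed plaintext in a different order and has nothing to check it against; the tag comparison is the step that fails.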
Exploit prediction scoring system (EPSS) score for CVE-2022-30273
Probability of exploitation activity in the next 30 days: 0.14%
Percentile, the proportion of vulnerabilities that are scored at or less: ~49%
CVSS scores for CVE-2022-30273
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST |
CWE ids for CVE-2022-30273
- The product uses a broken or risky cryptographic algorithm or protocol. Assigned by: nvd@nist.gov (Primary)
- The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-30273
- https://www.forescout.com/blog/ (Blog - Forescout; Not Applicable; Third Party Advisory)
- https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation (Block cipher mode of operation - Wikipedia; Third Party Advisory)
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-05 (Motorola Solutions MDLC | CISA; Mitigation; Third Party Advisory; US Government Resource)
Products affected by CVE-2022-30273
- cpe:2.3:a:motorolasolutions:mdlc:4.80.0024:*:*:*:*:*:*:*
- cpe:2.3:a:motorolasolutions:mdlc:4.82.004:*:*:*:*:*:*:*
- cpe:2.3:a:motorolasolutions:mdlc:4.83.001:*:*:*:*:*:*:*