Vulnerability Description
The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted with the Tiny Encryption Algorithm (TEA) block cipher in ECB mode. This mode of operation does not offer message integrity and offers reduced confidentiality above the block level, as demonstrated by the ECB Penguin attack, which applies to any block cipher.
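The two properties named above can be reproduced with plain TEA in ECB mode. The following is an added example, not code from the advisory or from Motorola: it shows that equal plaintext blocks give equal ciphertext blocks, that reordered ciphertext still decrypts without error, and that a generic encrypt-then-MAC wrapper rejects the reordered message. The big-endian word order, the keys, the 8-byte sample fields and the HMAC wrapper are assumptions; this is not the MDLC wire format, nor the protocol's New Encryption mode.

```python
import hashlib, hmac, struct

DELTA, MASK = 0x9E3779B9, 0xFFFFFFFF

def tea_block(block, key, decrypt=False):
    """One 64-bit TEA block with a 128-bit key (big-endian words assumed)."""
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    s = (DELTA * 32) & MASK if decrypt else 0
    for _ in range(32):
        if decrypt:
            v1 = (v1 - (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK
            v0 = (v0 - (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK
            s = (s - DELTA) & MASK
        else:
            s = (s + DELTA) & MASK
            v0 = (v0 + (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK
            v1 = (v1 + (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK
    return struct.pack(">2I", v0, v1)

def blocks(data):
    return [data[i:i + 8] for i in range(0, len(data), 8)]

def ecb(data, key, decrypt=False):
    """ECB: each 8-byte block is processed on its own (input must be block-aligned)."""
    return b"".join(tea_block(b, key, decrypt) for b in blocks(data))

def repeated_block_count(ct):
    """Ciphertext blocks that duplicate an earlier block, i.e. leaked plaintext repeats."""
    return len(blocks(ct)) - len(set(blocks(ct)))

def seal(data, enc_key, mac_key):
    """Encrypt-then-MAC: HMAC-SHA256 over the ciphertext (fixes integrity, not the pattern leak)."""
    ct = ecb(data, enc_key)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def open_sealed(msg, enc_key, mac_key):
    ct, tag = msg[:-32], msg[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return ecb(ct, enc_key, decrypt=True)

# Constructed sample keys and message (not real MDLC traffic).
KEY, MAC_KEY = bytes(range(16)), bytes(range(16, 48))
PT = b"HDR=0001" + b"VAL=0000" + b"VAL=0000" + b"END=0001"
CT = ecb(PT, KEY)
CT_BLOCKS = blocks(CT)
REORDERED = b"".join([CT_BLOCKS[3], CT_BLOCKS[1], CT_BLOCKS[2], CT_BLOCKS[0]])
```

The MAC addresses only the missing integrity; removing the repeated-block leak requires a mode other than ECB.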
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Motorolasolutions | Mdlc | 4.80.0024 |
Related Weaknesses (CWE)
References
- https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation (Third Party Advisory)
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-05 (Mitigation, Third Party Advisory, US Government Resource)
- https://www.forescout.com/blog/ (Not Applicable, Third Party Advisory)
FAQ
What is CVE-2022-30273?
CVE-2022-30273 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encryp...
How severe is CVE-2022-30273?
CVE-2022-30273 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-30273?
Check the references section above for vendor advisories and patch information. Affected products include: Motorolasolutions Mdlc.