CVE-2022-30275 — HIGH (7.5)

Vulnerability Description

The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cleartext password. It utilizes an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. Access to these communications is protected by a password stored in cleartext in the wmdlcdrv.ini driver configuration file. In addition, this password is used for access control to MOSCAD/STS projects protected with the Legacy Password feature. In this case, an insecure CRC of the password is present in the project file: this CRC is validated against the password in the driver configuration file.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Motorolasolutions	Mdlc	4.80.0024

Related Weaknesses (CWE)

CWE-312

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-05MitigationThird Party AdvisoryUS Government Resource
https://www.forescout.com/blog/Third Party Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-05MitigationThird Party AdvisoryUS Government Resource
https://www.forescout.com/blog/Third Party Advisory

FAQ

What is CVE-2022-30275?

CVE-2022-30275 is a vulnerability with a CVSS score of 7.5 (HIGH). The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cleartext password. It utilizes an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. Access to these communi...

How severe is CVE-2022-30275?

CVE-2022-30275 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-30275?

Check the references section above for vendor advisories and patch information. Affected products include: Motorolasolutions Mdlc.