9.8

CVE-2022-30273

EPSS 0.05%
Veröffentlicht 26.07.2022 22:15:11
Zuletzt bearbeitet 21.11.2024 07:02:28
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm (TEA) block-cipher in ECB mode. This mode of operation does not offer message integrity and offers reduced confidentiality above the block level, as demonstrated by an ECB Penguin attack against any block ciphers.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Motorolasolutions ≫ Mdlc Version4.80.0024

Motorolasolutions ≫ Mdlc Version4.82.004

Motorolasolutions ≫ Mdlc Version4.83.001

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.161

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

https://www.forescout.com/blog/

Third Party Advisory

Not Applicable

https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

Third Party Advisory

https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-05

Third Party Advisory

US Government Resource

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2022-30273

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-30273

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-30273

EUVD