SB2022062920 - Multiple vulnerabilities in Motorola Solutions MDLC

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022062920

SB2022062920 - Multiple vulnerabilities in Motorola Solutions MDLC

Published: June 29, 2022

Security Bulletin ID SB2022062920
CSH Severity
Medium
Patch available
NO
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 vulnerabilities.


1) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2022-30273)

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to use of a broken or risky cryptographic algorithm. A remote attacker can use specially crafted messages with ciphertext blocks inserted at certain positions, leading to message manipulation or exposure of the attack surface of the MDLC protocol parser to memory corruption attacks.


2) Unprotected storage of credentials (CVE-ID: CVE-2022-30275)

CWE-ID: CWE-256 - Unprotected Storage of Credentials

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to other users' credentials.

The vulnerability exists due to the affected product utilizes an MDLC driver that has a password stored in plaintext in the wmdlcdrv.ini driver configuration file. A remote attacker can view contents of the configuration file and gain access to passwords for 3rd party integration.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References