Risk | Medium |
Patch available | NO |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2022-30273 CVE-2022-30275 |
CWE-ID | CWE-327 CWE-256 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
MDLC Other software / Other software solutions |
Vendor | Motorola |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU64790
Risk: Medium
CVSSv3.1: 5.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2022-30273
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to use of a broken or risky cryptographic algorithm. A remote attacker can use specially crafted messages with ciphertext blocks inserted at certain positions, leading to message manipulation or exposure of the attack surface of the MDLC protocol parser to memory corruption attacks.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsMDLC: 4.80.0024 - 4.83.001
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-22-179-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64792
Risk: Medium
CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2022-30275
CWE-ID:
CWE-256 - Unprotected Storage of Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to other users' credentials.
The vulnerability exists due to the affected product utilizes an MDLC driver that has a password stored in plaintext in the wmdlcdrv.ini driver configuration file. A remote attacker can view contents of the configuration file and gain access to passwords for 3rd party integration.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsMDLC: 4.80.0024 - 4.83.001
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-22-179-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.