← Zuruck zu CVEs

CVE-2022-30273

CRITICAL

9.8

Beschreibung

The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm (TEA) block-cipher in ECB mode. This mode of operation does not offer message integrity and offers reduced confidentiality above the block level, as demonstrated by an ECB Penguin attack against any block ciphers.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht7/26/2022

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

motorolasolutions:mdlc

Schwachen (CWE)

CWE-327CWE-345

Referenzen

https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation(cve@mitre.org)

https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-05(cve@mitre.org)

https://www.forescout.com/blog/(cve@mitre.org)

https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-05(af854a3a-2127-422b-91ae-364da2661108)

https://www.forescout.com/blog/(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.