← Retour aux CVEs

CVE-2022-30273

CRITICAL

9.8

Description

The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm (TEA) block-cipher in ECB mode. This mode of operation does not offer message integrity and offers reduced confidentiality above the block level, as demonstrated by an ECB Penguin attack against any block ciphers.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie7/26/2022

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

motorolasolutions:mdlc

Faiblesses (CWE)

CWE-327CWE-345

References

https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation(cve@mitre.org)

https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-05(cve@mitre.org)

https://www.forescout.com/blog/(cve@mitre.org)

https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-05(af854a3a-2127-422b-91ae-364da2661108)

https://www.forescout.com/blog/(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.