2 results (0.019 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cleartext password. It utilizes an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. Access to these communications is protected by a password stored in cleartext in the wmdlcdrv.ini driver configuration file. In addition, this password is used for access control to MOSCAD/STS projects protected with the Legacy Password feature. In this case, an insecure CRC of the password is present in the project file: this CRC is validated against the password in the driver configuration file. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-05 https://www.forescout.com/blog • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm (TEA) block-cipher in ECB mode. This mode of operation does not offer message integrity and offers reduced confidentiality above the block level, as demonstrated by an ECB Penguin attack against any block ciphers. El protocolo MDLC de Motorola versiones hasta 02-05-2022, maneja inapropiadamente la integridad de los mensajes. • https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-05 https://www.forescout.com/blog • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-345: Insufficient Verification of Data Authenticity •