CVE-2022-30275
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cleartext password. It utilizes an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. Access to these communications is protected by a password stored in cleartext in the wmdlcdrv.ini driver configuration file. In addition, this password is used for access control to MOSCAD/STS projects protected with the Legacy Password feature. In this case, an insecure CRC of the password is present in the project file: this CRC is validated against the password in the driver configuration file.
El software MOSCAD Toolbox de Motorola versiones hasta 02-05-2022, es basado en una contraseña en texto sin cifrar. Usa un controlador MDLC para comunicarse con las RTU de MOSCAD/ACE con fines de ingeniería. El acceso a estas comunicaciones está protegido por una contraseña almacenada en texto sin cifrar en el archivo de configuración del driver wmdlcdrv.ini. Además, esta contraseña es usado para el control de acceso a los proyectos de MOSCAD/STS protegidos con la función Legacy Password. En este caso, un CRC no seguro de la contraseña está presente en el archivo del proyecto: este CRC es comprobado contra la contraseña en el archivo de configuración del controlador.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-05-04 CVE Reserved
- 2022-07-26 CVE Published
- 2024-02-16 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-312: Cleartext Storage of Sensitive Information
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-05 | Mitigation | |
| https://www.forescout.com/blog | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Motorolasolutions Search vendor "Motorolasolutions" | Mdlc Search vendor "Motorolasolutions" for product "Mdlc" | 4.80.0024 Search vendor "Motorolasolutions" for product "Mdlc" and version "4.80.0024" | - |
Affected
| ||||||
| Motorolasolutions Search vendor "Motorolasolutions" | Mdlc Search vendor "Motorolasolutions" for product "Mdlc" | 4.82.004 Search vendor "Motorolasolutions" for product "Mdlc" and version "4.82.004" | - |
Affected
| ||||||
| Motorolasolutions Search vendor "Motorolasolutions" | Mdlc Search vendor "Motorolasolutions" for product "Mdlc" | 4.83.001 Search vendor "Motorolasolutions" for product "Mdlc" and version "4.83.001" | - |
Affected
| ||||||