CVE-2022-30275
First published: Tue Jul 26 2022(Updated: )
The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cleartext password. It utilizes an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. Access to these communications is protected by a password stored in cleartext in the wmdlcdrv.ini driver configuration file. In addition, this password is used for access control to MOSCAD/STS projects protected with the Legacy Password feature. In this case, an insecure CRC of the password is present in the project file: this CRC is validated against the password in the driver configuration file.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Motorolasolutions Mdlc | =4.80.0024 | |
| Motorolasolutions Mdlc | =4.82.004 | |
| Motorolasolutions Mdlc | =4.83.001 | |
| Motorola Solutions MDLC: Versions 4.80.0024, 4.82.004, and 4.83.001 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/severity
- agent/weakness
- agent/references
- agent/softwarecombine
- agent/tags
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup-request
- vendor/motorolasolutions
- canonical/motorolasolutions mdlc
- version/motorolasolutions mdlc/4.80.0024
- version/motorolasolutions mdlc/4.82.004
- version/motorolasolutions mdlc/4.83.001
- vendor/motorola solutions
- canonical/motorola solutions mdlc: versions 4.80.0024, 4.82.004, and 4.83.001