Filtered by vendor Motorolasolutions
Subscriptions
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30275 | 1 Motorolasolutions | 1 Mdlc | 2024-08-03 | 7.5 High |
| The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cleartext password. It utilizes an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. Access to these communications is protected by a password stored in cleartext in the wmdlcdrv.ini driver configuration file. In addition, this password is used for access control to MOSCAD/STS projects protected with the Legacy Password feature. In this case, an insecure CRC of the password is present in the project file: this CRC is validated against the password in the driver configuration file. | ||||
| CVE-2022-30273 | 1 Motorolasolutions | 1 Mdlc | 2024-08-03 | 9.8 Critical |
| The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm (TEA) block-cipher in ECB mode. This mode of operation does not offer message integrity and offers reduced confidentiality above the block level, as demonstrated by an ECB Penguin attack against any block ciphers. | ||||
| CVE-2024-38282 | 1 Motorolasolutions | 1 Vigilant Fixed Lpr Coms Box Bcav1f2 C600 | 2024-08-02 | N/A |
| Utilizing default credentials, an attacker is able to log into the camera's operating system which could allow changes to be made to the operations or shutdown the camera requiring a physical reboot of the system. | ||||
| CVE-2024-38280 | 1 Motorolasolutions | 1 Vigilant Fixed Lpr Coms Box | 2024-08-02 | N/A |
| An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear text. | ||||
| CVE-2024-38284 | 1 Motorolasolutions | 1 Vigilant Fixed Lpr Coms Box | 2024-08-02 | N/A |
| Transmitted data is logged between the device and the backend service. An attacker could use these logs to perform a replay attack to replicate calls. | ||||
| CVE-2024-38283 | 1 Motorolasolutions | 1 Vigilant Fixed Lpr Coms Box Bcav1f2 C600 | 2024-08-02 | N/A |
| Sensitive customer information is stored in the device without encryption. | ||||
| CVE-2024-38285 | 1 Motorolasolutions | 1 Vigilant Fixed Lpr Coms Box Bcav1f2 C600 | 2024-08-02 | N/A |
| Logs storing credentials are insufficiently protected and can be decoded through the use of open source tools. | ||||
| CVE-2024-38279 | 1 Motorolasolutions | 1 Vigilant Fixed Lpr Coms Box Bcav1f2 C600 | 2024-08-02 | N/A |
| The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes. | ||||
Page 1 of 1.