CVE-2022-30273
CRITICALMotorola MDLC - Insufficient Verification of Data Authenticity in Legacy Encryption Mode
Title source: llmDescription
The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm (TEA) block-cipher in ECB mode. This mode of operation does not offer message integrity and offers reduced confidentiality above the block level, as demonstrated by an ECB Penguin attack against any block ciphers.
References (3)
Core 3
Core References
Not Applicable, Third Party Advisory x_refsource_misc
https://www.forescout.com/blog/
Third Party Advisory x_refsource_misc
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-05
Scores
CVSS v3
9.8
EPSS
0.0031
EPSS Percentile
22.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-345
CWE-327
Status
published
Products (3)
motorolasolutions/mdlc
4.80.0024
motorolasolutions/mdlc
4.82.004
motorolasolutions/mdlc
4.83.001
Published
Jul 26, 2022
Tracked Since
Feb 18, 2026