CVE-2022-30275

Published: Jul 26, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cleartext password. It utilizes an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. Access to these communications is protected by a password stored in cleartext in the wmdlcdrv.ini driver configuration file. In addition, this password is used for access control to MOSCAD/STS projects protected with the Legacy Password feature. In this case, an insecure CRC of the password is present in the project file: this CRC is validated against the password in the driver configuration file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.forescout.com/blog/

x_refsource_MISC

https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-05

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-30275

Description

Affected Products

References