ICSA-22-179-05  ·  Published 2022-06-28

Motorola Solutions MDLC

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could result in message manipulation, exposure of the attack surface of the MDLC protocol parser, memory corruption, and exposure of sensitive information.

Remediations

  • For CVE-2022-30273: Motorola Solutions notes the MDLC protocol offers two encryption algorithm options: AES256 (the default since 2014) and TEA. The TEA option will not be available after June 2022 in the new software update. The AES256 option will remain as a mandatory encryption method starting with the June 2022 software update for the ACE3600 and the MC-EDGE. Users with legacy products such as MOSCAD or ACE1000 are encouraged to move to newer products that support the MDLC secure protocol.
  • For user guide and procedural information mentioned within this report, use the Contact Us form and select “Other” for Product Interest and request the manual for IoT products.
  • For CVE-2022-30275: Motorola Solutions notes the password in the MDLC's Windows driver (nonsecured MDLC protocol) is plaintext. MDLC has two versions: secured and nonsecured. To encrypt the password, users should secure MDLC as described in the user's manual. Motorola Solutions also recommends ACE3600 and MC-EDGE users move to the MDLC protocol, which replaces the MDLC legacy protocol and supports AES 256-bit encryption.

Affected Vendors

Motorola Solutions

Affected Products (1)

Motorola Solutions · MDLC 4.80.0024 | 4.82.004 | 4.83.001

Affected Sectors

Multiple
