PT-2022-3090 · Motorola · Motorola Moscad Toolbox

Daniel Dos Santos +1 · Published 2022-06-22 · Updated 2024-02-14 · CVE-2022-30275

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Motorola MOSCAD Toolbox software through 2022-05-02

Description

The Motorola MOSCAD Toolbox software uses an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. The driver configuration file, wmdlcdrv.ini, stores a password in cleartext. This password is used for access control to MOSCAD/STS projects protected with the Legacy Password feature: an insecure CRC of the password is present in the project file and is validated against the password in the driver configuration file.

Recommendations

For Motorola MOSCAD Toolbox software through 2022-05-02, consider disabling the Legacy Password feature until a secure alternative is implemented. Restrict access to the wmdlcdrv.ini driver configuration file to minimize the risk of exploitation. Avoid using the cleartext password stored in this file for access control to MOSCAD/STS projects. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Cleartext Storage of Sensitive Information
Using Hardcoded Credentials

Related Identifiers

BDU:2022-03760
CVE-2022-30275

Affected Products

Motorola Moscad Toolbox