Motorola Solutions MDLC

MonitorCVSS 7.5ICS-CERT ICSA-22-179-05Jun 28, 2022

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Motorola Solutions MDLC contains two vulnerabilities affecting encrypted communication and credential storage. CVE-2022-30273 involves weak encryption in the MDLC protocol when using the legacy TEA encryption algorithm instead of AES256, allowing potential message manipulation and protocol parser exploitation. CVE-2022-30275 involves plaintext password storage in the MDLC Windows driver on systems using the nonsecured MDLC protocol variant, exposing credentials to local or network-based attackers who gain access to configuration files or traffic.

What this means

What could happen

An attacker with network access to MDLC systems using legacy or nonsecured configurations could intercept and modify control messages, or extract plaintext credentials to gain unauthorized access to the control system, potentially allowing manipulation of industrial processes or denial of service.

Who's at risk

Utilities and large facilities using Motorola Solutions legacy MDLC-based control systems, including ACE1000 and MOSCAD products for SCADA/EMS (Energy Management Systems) communication. This affects any engineering workstation or gateway running MDLC Windows drivers, particularly those managing remote sites, substations, or distributed generation equipment.

How it could be exploited

An attacker on the same network as an MDLC device could passively intercept MDLC protocol traffic if TEA encryption is enabled (weak) instead of AES256, or capture plaintext passwords stored in Windows driver configuration files if the nonsecured MDLC protocol variant is deployed. With captured credentials or ability to forge messages, the attacker could send malicious commands to alter setpoints or stop processes.

Prerequisites

Network access to MDLC protocol traffic or device management interface
System configured with legacy TEA encryption (CVE-2022-30273) or nonsecured MDLC protocol variant (CVE-2022-30275)
For password exploitation: access to Windows driver configuration files or ability to intercept unencrypted management traffic

Remotely exploitable (network-based password theft and protocol manipulation)No patch available for affected versionsLegacy products (MOSCAD, ACE1000) out of supportWeak encryption (TEA) historically enabled by defaultPlaintext credential storageAffects SCADA/EMS systems controlling grid operations

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

MDLC:4.80.0024 | 4.82.004 | 4.83.001No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGFor systems using MDLC: Ensure AES256 encryption is enabled as the mandatory encryption algorithm. Verify TEA encryption is disabled.

HARDENINGFor systems using nonsecured MDLC protocol: Switch to the secured MDLC protocol variant and follow the user manual instructions to enable encryption.

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGNetwork segmentation: Isolate MDLC protocol traffic from untrusted networks using firewalls and VLANs. Restrict access to management interfaces and engineering workstations.

Mitigations - no patch available

0/1

MDLC: has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGPlan migration from legacy MDLC products (MOSCAD, ACE1000) to newer products such as ACE3600 or MC-EDGE that enforce AES256-bit encryption and support the modern MDLC secure protocol.

CVEs (2)

CVE-2022-30273 CVE-2022-30275

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/858bfe76-1d45-4a68-b182-d43f47022387

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.