OTPulse

Motorola Solutions Vigilant License Plate Readers

Plan PatchCVSS 8.8ICS-CERT ICSA-24-165-19Jun 13, 2024
Attack path
Attack VectorNetwork
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary

Six vulnerabilities affect Motorola Solutions Vigilant Fixed LPR Coms Box devices (firmware version 3.1.171.9 and earlier). Vulnerabilities include: hard-coded wireless access point credentials (CVE-2024-38281), hard-coded web interface credentials (CVE-2024-38282), unencrypted storage of Criminal Justice Information and cached query data (CVE-2024-38280, CVE-2024-38283), credentials and sensitive data exposed in log files (CVE-2024-38284, CVE-2024-38285), and insecure boot partition allowing physical tampering (CVE-2024-38279). Motorola has already remediated CVE-2024-38281, CVE-2024-38283, and CVE-2024-38279 in newer firmware. For CVE-2024-38280, devices shipped after May 10, 2024 include full disk encryption; older devices have had CJI data encrypted in-place. Secure boot implementation is planned for Fall 2024 via OTA update.

What this means
What could happen
An attacker with local or network access could read sensitive law enforcement data, extract stored credentials, or modify data on license plate reader devices—compromising investigation integrity and exposing personally identifiable information from vehicle lookups.
Who's at risk
Law enforcement and public safety agencies deploying Motorola Vigilant Fixed LPR (License Plate Reader) devices for traffic enforcement, criminal investigations, and vehicle tracking. Particularly critical for organizations that store Criminal Justice Information (CJI) or connect these devices to networked systems for query and alerting.
How it could be exploited
An attacker with authenticated network access to the device's web interface or wireless access point could read unencrypted database files, extract hard-coded credentials from the wireless access point or web interface, or access cached law enforcement query data. Local physical access to the device could allow boot-level tampering by editing the GRUB bootloader if secure boot is not enabled.
Prerequisites
  • Network access to the device's web interface or wireless access point (typically on-vehicle or local network)
  • Valid credentials (or ability to use default/hard-coded credentials for wireless AP)
  • For some vulnerabilities: physical access to the device to modify boot configuration
No patch available for firmware versions at or below 3.1.171.9Multiple authentication and encryption weaknesses (hard-coded credentials, unencrypted sensitive data)Sensitive data exposure: personally identifiable information from vehicle lookups and law enforcement queriesAffects safety/compliance systems: Criminal Justice Information (CJI) handling is regulated under CJIS standardsLow attack complexity for extracting credentials or accessing unencrypted data
Exploitability
Unlikely to be exploited — EPSS score 0.3%
Affected products (1)
ProductAffected VersionsFix Status
Vigilant Fixed LPR Coms Box (BCAV1F2-C600): <=3.1.171.9≤ 3.1.171.9No fix (EOL)
Remediation & Mitigation
0/6
Do now
0/2
WORKAROUNDChange wireless access point SSID and password from defaults; disable wireless AP if not operationally required
WORKAROUNDDelete or purge log files from affected devices that may contain web requests with credentials
Schedule — requires maintenance window
0/4

Patching may require device reboot — plan for process interruption

HOTFIXVerify devices shipped after May 10, 2024 are deployed and that older units have full disk encryption with LUKS applied; contact Motorola if encryption status is unclear
HARDENINGApply network segmentation: place license plate reader devices behind firewalls separate from business networks; restrict web interface access to authorized administrative machines only
WORKAROUNDReview and remove cached law enforcement hotlist data from devices if not actively required for local operation
HOTFIXWhen available in Fall 2024, deploy Motorola's secure boot implementation via OTA update to address GRUB partition tampering risk
View full CISA ICS-CERT advisory
API: /api/v1/advisories/d42874ce-cf51-44e5-91e5-de680d90da5b

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.