Lucene search

IcscertVULNRICHMENT:CVE-2024-38280

HistoryJun 13, 2024 - 5:05 p.m.

CVE-2024-38280 Cleartext Storage in a File or on Disk in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)

2024-06-1317:05:58

CWE-313

icscert

github.com

unauthorized access

cleartext storage

sensitive data

motorola solutions

vigilant

fixed lpr coms box

CVSS4

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

AI Score

6.8

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear text.

CNA Affected

[
  {
    "vendor": "Motorola Solutions",
    "product": "Vigilant Fixed LPR Coms Box (BCAV1F2-C600)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "3.1.171.9"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:motorolasolutions:vigilant_fixed_lpr_coms_box:*:*:*:*:*:*:*:*"
    ],
    "vendor": "motorolasolutions",
    "product": "vigilant_fixed_lpr_coms_box",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "3.1.171.9"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-24-165-19

CVSS4

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

AI Score

6.8

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-38280