Lucene search

IcscertCVELIST:CVE-2024-38280

HistoryJun 13, 2024 - 5:05 p.m.

CVE-2024-38280 Cleartext Storage in a File or on Disk in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)

2024-06-1317:05:58

CWE-313

icscert

www.cve.org

cleartext storage

vulnerability

motorola solutions vigilant

fixed lpr coms box

data breach

sensitive data

unauthorized access

7 High

CVSS4

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear text.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Vigilant Fixed LPR Coms Box (BCAV1F2-C600)",
    "vendor": "Motorola Solutions",
    "versions": [
      {
        "lessThanOrEqual": "3.1.171.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-24-165-19

7 High

CVSS4

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-38280