CVE-2024-38280

An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear text.

CVSS v3 4.6 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:motorola:vigilant_fixed_lpr_coms_box_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:motorola:vigilant_fixed_lpr_coms_box:-:*:*:*:*:*:*:*

History

03 Oct 2024, 19:36

Type	Values Removed	Values Added
Summary		(es) Un usuario no autorizado puede obtener acceso a datos confidenciales, incluidas las credenciales, recuperando físicamente el disco duro del producto, ya que los datos se almacenan en texto plano.
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19 -~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19 - Third Party Advisory, US Government Resource
CPE		cpe:2.3:h:motorola:vigilant_fixed_lpr_coms_box:-:::::::* cpe:2.3:o:motorola:vigilant_fixed_lpr_coms_box_firmware::::::::
First Time		Motorola vigilant Fixed Lpr Coms Box Firmware Motorola Motorola vigilant Fixed Lpr Coms Box
CWE		CWE-312
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.6

13 Jun 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-13 17:15

Updated : 2024-10-03 19:36

NVD link : CVE-2024-38280

Mitre link : CVE-2024-38280

CVE.ORG link : CVE-2024-38280

JSON object : View

Products Affected

motorola

vigilant_fixed_lpr_coms_box_firmware
vigilant_fixed_lpr_coms_box

CWE

CWE-312

Cleartext Storage of Sensitive Information

CWE-313

Cleartext Storage in a File or on Disk

{"id": "CVE-2024-38280", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}], "cvssMetricV40": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 7.0, "automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-06-13T17:15:51.477", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-312"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-313"}]}], "descriptions": [{"lang": "en", "value": "An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear text."}, {"lang": "es", "value": "Un usuario no autorizado puede obtener acceso a datos confidenciales, incluidas las credenciales, recuperando f\u00edsicamente el disco duro del producto, ya que los datos se almacenan en texto plano."}], "lastModified": "2024-10-03T19:36:35.353", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:motorola:vigilant_fixed_lpr_coms_box_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E85B1E9A-C212-4469-AA63-243CDB7187B3", "versionEndIncluding": "3.1.171.9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:motorola:vigilant_fixed_lpr_coms_box:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BC3B1257-7688-48D0-8BDA-6E651746FDBB"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}