PatchSiren cyber security CVE debrief
CVE-2024-38282 Motorola Solutions CVE debrief
CVE-2024-38282 is a high-severity vulnerability in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600) license plate readers, published June 13, 2024. The issue stems from hardcoded default credentials that allow an attacker with local access to authenticate to the camera's operating system, potentially enabling operational changes or system shutdown requiring physical reboot. The vulnerability affects firmware versions ≤3.1.171.9 and carries a CVSS 3.1 score of 7.8 (HIGH). Motorola Solutions has already remediated this vulnerability across all affected systems; no customer action is required. For defense-in-depth, organizations should verify unique CJIS-compliant passwords are deployed per device and audit for any remaining default credential configurations in their LPR infrastructure.
- Vendor: Motorola Solutions
- Product: Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-06-13
- Original CVE updated: 2024-06-13
- Advisory published: 2024-06-13
- Advisory updated: 2024-06-13
Who should care
Law enforcement agencies, transportation authorities, parking management operators, and critical infrastructure security teams deploying Motorola Solutions Vigilant license plate recognition systems. Organizations subject to CJIS compliance requirements should verify password policies align with current standards.
Technical summary
The Vigilant Fixed LPR Coms Box (BCAV1F2-C600) contained hardcoded default credentials that could be leveraged by an attacker with local access to gain operating system-level access to the camera. This access could enable modification of operational parameters or complete system shutdown, with recovery requiring physical reboot of the device. The vulnerability is classified as HIGH severity (CVSS 7.8) due to the significant confidentiality, integrity, and availability impacts possible once local access is achieved. Motorola Solutions has proactively remediated this issue across all affected deployments.
Defensive priority
HIGH
Recommended defensive actions
- Verify with Motorola Solutions that your Vigilant Fixed LPR Coms Box (BCAV1F2-C600) deployment has received the vendor remediation
- Audit all license plate reader infrastructure for any remaining default or hardcoded credentials
- Ensure all LPR devices use unique CJIS-compliant passwords per device
- Review network segmentation for LPR systems to limit local access attack vectors
- Monitor for unauthorized physical access attempts to LPR camera installations
Evidence notes
CISA ICS Advisory ICSA-24-165-19 confirms Motorola Solutions has already remediated this vulnerability for all vulnerable systems. The advisory specifies the affected product as Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600), versions ≤3.1.171.9. The CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H indicates a local attack vector with low attack complexity, requiring low privileges but no user interaction, with high impact across confidentiality, integrity, and availability.
Official resources
- CVE-2024-38282 CVE record (CVE.org)
- CVE-2024-38282 NVD detail (NVD)
- Source item URL (cisa_csaf)
Motorola Solutions has already remediated this vulnerability for all vulnerable systems. No further actions are required by customers.