CVE-2024-38283 Motorola Solutions CVE debrief

Who should care

Organizations operating Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600) license plate reader systems, particularly in law enforcement, parking enforcement, and critical infrastructure security applications where license plate data confidentiality is required.

Technical summary

The Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600) stores sensitive customer information without encryption. An attacker with physical access to the device can extract this unencrypted data. The vulnerability is rated CVSS 3.1 4.6 (MEDIUM) with attack vector PHYSICAL, low attack complexity, and high confidentiality impact. Affected versions are firmware 3.1.171.9 and earlier. Motorola Solutions has already remediated this vulnerability across all affected systems; no customer action is required.

Defensive priority

medium

Recommended defensive actions

• Verify that affected Motorola Solutions Vigilant Fixed LPR Coms Box devices are running firmware newer than version 3.1.171.9
• Contact Motorola Solutions support if device firmware version cannot be confirmed or if remediation status is uncertain
• Review device physical security controls to prevent unauthorized local access
• Monitor CISA ICS advisories for related security updates

Evidence notes

CISA advisory ICSA-24-165-19 confirms the vulnerability affects Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600) firmware version 3.1.171.9 and earlier. The advisory states that sensitive customer information is stored in the device without encryption. Motorola Solutions reports that remediation has already been applied to all vulnerable systems.

Official resources