PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-38284 Motorola Solutions CVE debrief

Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600) devices running firmware version 3.1.171.9 and earlier logged data transmitted between the device and the backend service. An attacker with access to these logs could perform replay attacks to replicate authenticated calls. This vulnerability was assigned a CVSS 3.1 score of 8.8 (HIGH severity). Motorola Solutions has already remediated this vulnerability for all affected systems; no customer action is required. The vulnerability was published by CISA on June 13, 2024.

Vendor: Motorola Solutions
Product: Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-06-13
Original CVE updated: 2024-06-13
Advisory published: 2024-06-13
Advisory updated: 2024-06-13

Who should care

Organizations operating Motorola Solutions Vigilant license plate reader systems, critical infrastructure security teams, law enforcement technology administrators, and OT/ICS security practitioners responsible for physical security system integrations.

Technical summary

The Vigilant Fixed LPR Coms Box (BCAV1F2-C600) firmware, version 3.1.171.9 and earlier, logged data transmitted between the device and the backend service. This logging included credentialed web requests, enabling an attacker with log access to capture and replay authenticated calls to the backend service. The vulnerability requires network access and low privileges to obtain logs. Motorola Solutions has remediated this by deploying updated software that does not log credentialed web requests, and has completed remediation across all affected systems without requiring customer action.

Defensive priority

HIGH

Recommended defensive actions

  • Verify no local log files remain on any Vigilant Fixed LPR Coms Box devices running firmware <=3.1.171.9
  • Confirm devices have received vendor remediation (updated software not logging credentialed web requests)
  • Review network segmentation between license plate reader devices and backend services
  • Apply CISA ICS recommended practices for defense-in-depth strategies
  • Monitor for anomalous backend service calls that may indicate replay attack attempts
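One way to approach the last item, shown as an added example that is not part of the CISA advisory or of Motorola Solutions' software: a small detector that flags backend calls repeating an earlier authenticated request exactly. The JSON log layout, the field names (src, device, auth_fp, body_sha256) and the sample lines are assumptions constructed for this illustration.

```python
import json
from datetime import datetime

# Constructed sample of backend access-log lines (one JSON object per line).
# Field names are assumptions for this example, not the vendor's log schema.
# auth_fp stands for a short fingerprint of the credential, never the credential.
SAMPLE_LOG = """\
{"ts":"2024-06-01T10:00:00","src":"10.20.0.11","device":"lpr-01","auth_fp":"a1f3","method":"POST","path":"/api/upload","body_sha256":"9c2e"}
{"ts":"2024-06-01T10:00:02","src":"10.20.0.11","device":"lpr-01","auth_fp":"a1f3","method":"POST","path":"/api/upload","body_sha256":"9c2e"}
{"ts":"2024-06-01T10:05:00","src":"10.20.0.11","device":"lpr-01","auth_fp":"a1f3","method":"POST","path":"/api/upload","body_sha256":"77b0"}
{"ts":"2024-06-01T13:40:10","src":"10.20.9.50","device":"lpr-01","auth_fp":"a1f3","method":"POST","path":"/api/upload","body_sha256":"9c2e"}
{"ts":"2024-06-01T14:00:00","src":"10.20.0.11","device":"lpr-01","auth_fp":"a1f3","method":"POST","path":"/api/upload","body_sha256":"77b0"}
"""

def find_replay_candidates(log_text, retry_window_s=30):
    """Flag requests that repeat an earlier authenticated call exactly.

    A repeat inside retry_window_s from the same source address is treated as
    an ordinary client retry. A repeat from a different source address, or one
    arriving after the retry window, is reported for review.
    """
    first_seen = {}  # request fingerprint -> (first timestamp, first source)
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        rec = json.loads(line)
        ts = datetime.fromisoformat(rec["ts"])
        key = (rec["device"], rec["auth_fp"], rec["method"],
               rec["path"], rec["body_sha256"])
        if key not in first_seen:
            first_seen[key] = (ts, rec["src"])
            continue
        first_ts, first_src = first_seen[key]
        reasons = []
        if rec["src"] != first_src:
            reasons.append("new-source")
        if (ts - first_ts).total_seconds() > retry_window_s:
            reasons.append("outside-retry-window")
        if reasons:
            findings.append((line_no, rec["device"], rec["src"], reasons))
    return findings

if __name__ == "__main__":
    for finding in find_replay_candidates(SAMPLE_LOG):
        print(finding)
```

Requests that legitimately repeat with an identical body, such as heartbeats, would need to be excluded by path before the findings are useful as alerts.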

Evidence notes

CISA advisory ICSA-24-165-19 confirms the affected product as Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600) version <=3.1.171.9. The advisory states transmitted data logging between device and backend service enables replay attacks. Remediation was completed by the vendor without requiring customer action.

Official resources

Motorola Solutions has already remediated this vulnerability for all vulnerable systems. No further actions are required by customers.