CVE-2023-0248

Опубликовано: 14 дек. 2023

Источник: nvd

CVSS3: 7.5

CVSS3: 5.3

EPSS Низкий

Описание

An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader.

Ссылки

https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02
Third Party Advisory
US Government Resource
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Vendor Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02
Third Party Advisory
US Government Resource
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:johnsoncontrols:iosmart_gen_1_firmware:*:*:*:*:*:*:*:*

Версия до 1.07.02 (исключая)

cpe:2.3:h:johnsoncontrols:iosmart_gen_1:-:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00098

Низкий

7.5 High

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-200

CWE-401

Связанные уязвимости

GHSA-6ww3-v82p-jv78

CVSS3: 7.5

github

около 2 лет назад

An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.7.2 in certain circumstances can recover the reader's communication memory between the card and reader.

EPSS

Процентиль: 27%

0.00098

Низкий

7.5 High

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-200

CWE-401