Lucene search
JciCVE-2023-0248HistoryDec 14, 2023 - 9:15 p.m.
CVE-2023-0248
2023-12-1421:15:07
CWE-401
CWE-200
jci
web.nvd.nist.gov
17
cve-2023-0248
kantech
gen1
iosmart
card reader
firmware
communication
memory
attacker
physical access
CVSS3
7.5
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L
AI Score
5
Confidence
High
EPSS
0.001
Percentile
20.6%
An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader’s communication memory between the card and reader.
Affected configurations
Node
johnsoncontrolsiosmart_gen_1_firmwareRange<1.07.02
johnsoncontrolsiosmart_gen_1Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| johnsoncontrols | iosmart_gen_1_firmware | * | cpe:2.3:o:johnsoncontrols:iosmart_gen_1_firmware:*:*:*:*:*:*:*:* |
| johnsoncontrols | iosmart_gen_1 | - | cpe:2.3:h:johnsoncontrols:iosmart_gen_1:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "ioSmart Gen1",
"vendor": "Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.",
"versions": [
{
"lessThan": "1.07.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
prion
prion
Memory corruption
2023-12-14 21:15:00
cvelist
cvelist
CVE-2023-0248 Kantech Gen1 ioSmart card reader
2023-12-14 20:57:33
ics
ics
Johnson Controls Kantech Gen1 ioSmart
2023-12-14 12:00:00
nvd
nvd
CVE-2023-0248
2023-12-14 21:15:07
CVSS3
7.5
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L
AI Score
5
Confidence
High
EPSS
0.001
Percentile
20.6%
Related for CVE-2023-0248