All the vulnerabilities related to Sciener - TTLock App
cve-2023-7004
Vulnerability from cvelistv5
Published
2024-03-15 17:08
Modified
2024-08-26 16:11
Summary
The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate lock's integrity.
References
Impacted products
Vendor | Product | Version
---|---|---
Sciener | TTLock App | 6.4.5 and earlier (affected)
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:50:06.990Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ttlock_app", "vendor": "sciener", "versions": [ { "status": "affected", "version": "6.4.5" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-7004", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-18T18:47:46.273560Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-940", "description": "CWE-940 Improper Verification of Source of a Communication Channel", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-26T16:11:15.238Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "TTLock App", "vendor": "Sciener", "versions": [ { "lessThanOrEqual": "6.4.5", "status": "affected", "version": "6.4.5", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which 
compromises the legitimate locks integrity." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-15T17:08:11.547Z", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/" } ], "source": { "discovery": "UNKNOWN" }, "title": "CVE-2023-7004", "x_generator": { "engine": "VINCE 2.1.11", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7004" } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2023-7004", "datePublished": "2024-03-15T17:08:11.547Z", "dateReserved": "2023-12-20T14:56:26.682Z", "dateUpdated": "2024-08-26T16:11:15.238Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-7005
Vulnerability from cvelistv5
Published
2024-12-19 17:35
Modified
2024-12-20 17:47
Summary
A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field.
References
Impacted products
Vendor | Product | Version
---|---|---
Sciener | TTLock App | 6.4.5 and earlier (affected)
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-7005", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-20T17:42:17.781968Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-20T17:47:11.828Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "TTLock App", "vendor": "Sciener", "versions": [ { "lessThanOrEqual": "6.4.5", "status": "affected", "version": "6.4.5", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field." 
} ], "problemTypes": [ { "descriptions": [ { "description": "CWE-757: Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-19T17:35:45.594Z", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/" } ], "source": { "discovery": "UNKNOWN" }, "title": "CVE-2023-7005", "x_generator": { "engine": "VINCE 3.0.11", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7005" } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2023-7005", "datePublished": "2024-12-19T17:35:45.594Z", "dateReserved": "2023-12-20T14:58:39.182Z", "dateUpdated": "2024-12-20T17:47:11.828Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6960
Vulnerability from cvelistv5
Published
2024-03-15 17:09
Modified
2024-08-02 08:50
Summary
TTLock App virtual keys and settings are only deleted client side, and if preserved, can access the lock after intended deletion.
References
Impacted products
Vendor | Product | Version
---|---|---
Sciener | TTLock App | 6.4.5 and earlier (affected)
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ttlock_app", "vendor": "sciener", "versions": [ { "lessThanOrEqual": "6.4.5", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-6960", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-18T14:03:29.310178Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-18T15:38:32.838Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T08:50:06.704Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "TTLock App", "vendor": "Sciener", "versions": [ { "lessThanOrEqual": "6.4.5", "status": "affected", "version": "6.4.5", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "TTLock App virtual keys and settings are only deleted client side, and if preserved, can access the lock after intended deletion." 
} ], "problemTypes": [ { "descriptions": [ { "description": "CWE-324: Use of a Key Past its Expiration Date", "lang": "en" } ] }, { "descriptions": [ { "description": "CWE-603: Use of Client-Side Authentication", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-15T17:09:26.926Z", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/" } ], "source": { "discovery": "UNKNOWN" }, "title": "CVE-2023-6960", "x_generator": { "engine": "VINCE 2.1.11", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-6960" } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2023-6960", "datePublished": "2024-03-15T17:09:26.926Z", "dateReserved": "2023-12-19T19:28:41.442Z", "dateUpdated": "2024-08-02T08:50:06.704Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }