Search criteria
2 vulnerabilities found for ioSmart Gen1 by Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.
CVE-2023-0248 (GCVE-0-2023-0248)
Vulnerability from cvelistv5 – Published: 2023-12-14 20:57 – Updated: 2024-10-08 14:19
VLAI?
Title
Kantech Gen1 ioSmart card reader
Summary
An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader.
Severity ?
7.5 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sensormatic Electronics, a subsidiary of Johnson Controls, Inc. | ioSmart Gen1 |
Affected:
0 , < 1.07.02
(custom)
|
Credits
Colin O’Flynn at NewAE Technology Inc.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:02:44.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0248",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-13T21:03:38.527676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:19:18.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ioSmart Gen1",
"vendor": "Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.",
"versions": [
{
"lessThan": "1.07.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Colin O\u2019Flynn at NewAE Technology Inc."
}
],
"datePublic": "2023-12-14T20:34:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader\u0027s communication memory between the card and reader.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader\u0027s communication memory between the card and reader.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-54",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-54 Query System for Information"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-15T21:16:03.463Z",
"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"shortName": "jci"
},
"references": [
{
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update ioSmart Gen1 card reader to firmware version 1.07.02 or higher.\u003cbr\u003eDownload the update here:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.kantech.com/Resources/GetDoc.aspx?p=1\u0026amp;id=58679\"\u003ehttps://www.kantech.com/Resources/GetDoc.aspx?p=1\u0026amp;id=58679\u003c/a\u003e\u003cbr\u003eContact technical support for additional information.\u003cbr\u003e\u003cbr\u003eioSmart Gen2 readers are not affected by this behavior.\u003cbr\u003eContact your local sales representative for ordering information.\u003cbr\u003e"
}
],
"value": "Update ioSmart Gen1 card reader to firmware version 1.07.02 or higher.\nDownload the update here:\u00a0 https://www.kantech.com/Resources/GetDoc.aspx?p=1\u0026id=58679 https://www.kantech.com/Resources/GetDoc.aspx \nContact technical support for additional information.\n\nioSmart Gen2 readers are not affected by this behavior.\nContact your local sales representative for ordering information.\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Kantech Gen1 ioSmart card reader",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"assignerShortName": "jci",
"cveId": "CVE-2023-0248",
"datePublished": "2023-12-14T20:57:33.625Z",
"dateReserved": "2023-01-12T15:26:20.842Z",
"dateUpdated": "2024-10-08T14:19:18.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0248 (GCVE-0-2023-0248)
Vulnerability from nvd – Published: 2023-12-14 20:57 – Updated: 2024-10-08 14:19
VLAI?
Title
Kantech Gen1 ioSmart card reader
Summary
An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader.
Severity ?
7.5 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sensormatic Electronics, a subsidiary of Johnson Controls, Inc. | ioSmart Gen1 |
Affected:
0 , < 1.07.02
(custom)
|
Credits
Colin O’Flynn at NewAE Technology Inc.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:02:44.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0248",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-13T21:03:38.527676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:19:18.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ioSmart Gen1",
"vendor": "Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.",
"versions": [
{
"lessThan": "1.07.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Colin O\u2019Flynn at NewAE Technology Inc."
}
],
"datePublic": "2023-12-14T20:34:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader\u0027s communication memory between the card and reader.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader\u0027s communication memory between the card and reader.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-54",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-54 Query System for Information"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-15T21:16:03.463Z",
"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"shortName": "jci"
},
"references": [
{
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update ioSmart Gen1 card reader to firmware version 1.07.02 or higher.\u003cbr\u003eDownload the update here:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.kantech.com/Resources/GetDoc.aspx?p=1\u0026amp;id=58679\"\u003ehttps://www.kantech.com/Resources/GetDoc.aspx?p=1\u0026amp;id=58679\u003c/a\u003e\u003cbr\u003eContact technical support for additional information.\u003cbr\u003e\u003cbr\u003eioSmart Gen2 readers are not affected by this behavior.\u003cbr\u003eContact your local sales representative for ordering information.\u003cbr\u003e"
}
],
"value": "Update ioSmart Gen1 card reader to firmware version 1.07.02 or higher.\nDownload the update here:\u00a0 https://www.kantech.com/Resources/GetDoc.aspx?p=1\u0026id=58679 https://www.kantech.com/Resources/GetDoc.aspx \nContact technical support for additional information.\n\nioSmart Gen2 readers are not affected by this behavior.\nContact your local sales representative for ordering information.\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Kantech Gen1 ioSmart card reader",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"assignerShortName": "jci",
"cveId": "CVE-2023-0248",
"datePublished": "2023-12-14T20:57:33.625Z",
"dateReserved": "2023-01-12T15:26:20.842Z",
"dateUpdated": "2024-10-08T14:19:18.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}