cvelistv5 - cve-2022-31482

CVE-2022-31482 (GCVE-0-2022-31482)

Vulnerability from cvelistv5 – Published: 2022-06-06 16:39 – Updated: 2024-09-17 01:00

Summary

An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-120 - Buffer Overflow

Assigner

Carrier

References

URL

Tags

https://www.corporate.carrier.com/product-securit…

x_refsource_MISC

Impacted products

Vendor

Product

Version

LenelS2

LNL-X2210

Affected: ALL , < 1.29 (custom)

LenelS2	LNL-X2220	Affected: ALL , < 1.29 (custom)
LenelS2	LNL-X3300	Affected: ALL , < 1.29 (custom)
LenelS2	LNL-X4420	Affected: ALL , < 1.29 (custom)
LenelS2	LNL-4420	Affected: ALL , < 1.29 (custom)
LenelS2	S2-LP-1501	Affected: ALL , < 1.29 (custom)
LenelS2	S2-LP-1502	Affected: ALL , < 1.29 (custom)
LenelS2	S2-LP-2500	Affected: ALL , < 1.29 (custom)
LenelS2	S2-LP-4502	Affected: ALL , < 1.29 (custom)
HID Mercury	LP1501	Affected: ALL , < 1.29 (custom)
HID Mercury	LP1502	Affected: ALL , < 1.29 (custom)
HID Mercury	LP2500	Affected: ALL , < 1.29 (custom)
HID Mercury	LP4502	Affected: ALL , < 1.29 (custom)
HID Mercury	EP4502	Affected: ALL , < 1.29 (custom)

Credits

Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:19:05.847Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LNL-X2210",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LNL-X2220",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LNL-X3300",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LNL-X4420",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LNL-4420",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "S2-LP-1501",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "S2-LP-1502",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "S2-LP-2500",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "S2-LP-4502",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LP1501",
          "vendor": "HID Mercury",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LP1502",
          "vendor": "HID Mercury",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LP2500",
          "vendor": "HID Mercury",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LP4502",
          "vendor": "HID Mercury",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "EP4502",
          "vendor": "HID Mercury",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs"
        }
      ],
      "datePublic": "2022-06-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-06T16:39:22",
        "orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
        "shortName": "Carrier"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update to the latest version of firmware"
        }
      ],
      "source": {
        "advisory": "CARR-PSA-006-0522",
        "discovery": "EXTERNAL"
      },
      "title": "Denial-of-Service via internal structure overflow",
      "workarounds": [
        {
          "lang": "en",
          "value": "Disable the controller\u0027s Web Server.  \nWhen the controller is configured to disable web access, you cannot remotely login into the controller\u2019s web page.\n1. Login to controller web pages\n2. Go to \u201cUsers\u201d Tab\n3. Near bottom of the Users page, check option to \u201cDisable Web Server\u201d\n4. Then select \u201cSubmit\u201d at the bottom of the page\n5. Then select \u201cApply Settings\u201d tab\n6. And on that page, select button \u201cApply Settings, Reboot\u201d\nThe Controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON, on the controller."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productsecurity@carrier.com",
          "DATE_PUBLIC": "2022-06-02T22:00:00.000Z",
          "ID": "CVE-2022-31482",
          "STATE": "PUBLIC",
          "TITLE": "Denial-of-Service via internal structure overflow"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "LNL-X2210",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LNL-X2220",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LNL-X3300",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LNL-X4420",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LNL-4420",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "S2-LP-1501",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "S2-LP-1502",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "S2-LP-2500",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "S2-LP-4502",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "LenelS2"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "LP1501",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LP1502",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LP2500",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LP4502",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "EP4502",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HID Mercury"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-120 Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.corporate.carrier.com/product-security/advisories-resources/",
              "refsource": "MISC",
              "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update to the latest version of firmware"
          }
        ],
        "source": {
          "advisory": "CARR-PSA-006-0522",
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Disable the controller\u0027s Web Server.  \nWhen the controller is configured to disable web access, you cannot remotely login into the controller\u2019s web page.\n1. Login to controller web pages\n2. Go to \u201cUsers\u201d Tab\n3. Near bottom of the Users page, check option to \u201cDisable Web Server\u201d\n4. Then select \u201cSubmit\u201d at the bottom of the page\n5. Then select \u201cApply Settings\u201d tab\n6. And on that page, select button \u201cApply Settings, Reboot\u201d\nThe Controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON, on the controller."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
    "assignerShortName": "Carrier",
    "cveId": "CVE-2022-31482",
    "datePublished": "2022-06-06T16:39:22.500510Z",
    "dateReserved": "2022-05-23T00:00:00",
    "dateUpdated": "2024-09-17T01:00:48.176Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hidglobal:lp1501_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.29\", \"matchCriteriaId\": \"35999FD6-AC96-446D-8A53-F976B1E77CAD\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hidglobal:lp1501:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9DC3EC5-C67D-4FE5-8B53-04AB785588FE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hidglobal:lp1502_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.29\", \"matchCriteriaId\": \"91D69F6B-3372-4B8C-BA65-8D06150B0332\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hidglobal:lp1502:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"902FDABA-C5D0-4CAE-BBDF-E4338D3A4DAF\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hidglobal:lp2500_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.29\", \"matchCriteriaId\": \"94431442-0D7F-422F-8AB8-7F7BF6069134\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hidglobal:lp2500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AAC2A69E-BF7D-448B-8347-19CFFABED15A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hidglobal:lp4502_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.29\", \"matchCriteriaId\": \"8A199648-AE0D-44CB-82A8-A8265A7C71F2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hidglobal:lp4502:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22147A65-6ADE-46F3-AFF8-E46CE81D6E8B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hidglobal:ep4502_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.29\", \"matchCriteriaId\": \"166388C7-1B28-42C1-941C-55B54EB311FB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hidglobal:ep4502:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9A28A38-C57D-4FC6-8CAA-0011AF06D290\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:carrier:lenels2_lnl-4420_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.29\", \"matchCriteriaId\": \"D07F4655-BF3F-4AF6-A05E-B9CF03F8F9D3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:carrier:lenels2_lnl-4420:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36855319-E36B-47C3-B27E-E1509D1C9D4D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:carrier:lenels2_lnl-x2210_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.29\", \"matchCriteriaId\": \"655117A6-848B-4F24-9315-C72926BE4633\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:carrier:lenels2_lnl-x2210:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B091C8F-2C3A-47C9-92AC-550D977F781A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:carrier:lenels2_lnl-x2220_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.29\", \"matchCriteriaId\": \"7CCACB0A-D4AD-4D2C-8511-0F83B124C810\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:carrier:lenels2_lnl-x2220:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"15FD8460-39D0-46C4-9F04-EB3B6C72767A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:carrier:lenels2_lnl-x3300_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.29\", \"matchCriteriaId\": \"E0726F2A-43BF-4D32-A1B7-97D67A3BDC2B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:carrier:lenels2_lnl-x3300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"389BE7A1-1B57-4097-9AAF-A6931C06BA15\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:carrier:lenels2_lnl-x4420_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.29\", \"matchCriteriaId\": \"A2FFA3E9-5658-4A94-BFA4-652595F2581C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:carrier:lenels2_lnl-x4420:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BC2BAEA-E139-47C2-9A8F-857AB1C7D54B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:carrier:lenels2_s2-lp-1501_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.29\", \"matchCriteriaId\": \"BF902078-8407-403D-8226-1614E1982CD7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:carrier:lenels2_s2-lp-1501:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3183C665-CD31-446D-8D95-908148675D25\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:carrier:lenels2_s2-lp-1502_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.29\", \"matchCriteriaId\": \"A703D6D9-C649-41C5-9C64-1E8FE3588B6A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:carrier:lenels2_s2-lp-1502:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93B38941-79D8-41E7-9763-989C0C3B6139\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:carrier:lenels2_s2-lp-2500_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.29\", \"matchCriteriaId\": \"2544AB9B-EDE0-4738-BA09-C652E58FDC6A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:carrier:lenels2_s2-lp-2500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1724D78F-EE79-4E48-BDB2-D399C573F42D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:carrier:lenels2_s2-lp-4502_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.29\", \"matchCriteriaId\": \"6D68BAE0-DB10-42FD-885A-CEE8CFA36BEC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:carrier:lenels2_s2-lp-4502:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"115129D2-5134-4BCD-B5D0-263F4687B59D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless.\"}, {\"lang\": \"es\", \"value\": \"Un atacante no autenticado puede enviar una petici\\u00f3n HTTP no autenticada especialmente dise\\u00f1ada al dispositivo que puede desbordar un b\\u00fafer. Esta vulnerabilidad afecta a los productos basados en los controladores inteligentes HID Mercury LP1501, LP1502, LP2500, LP4502 y EP4502 que contienen versiones de firmware anteriores a la 1.29. El desbordamiento de datos conlleva un fallo de segmentaci\\u00f3n y, en \\u00faltima instancia, una condici\\u00f3n de denegaci\\u00f3n de servicio, causando el reinicio del dispositivo. El impacto de esta vulnerabilidad es que un atacante no autenticado podr\\u00eda aprovechar este fallo para causar que el dispositivo de destino deje de responder. Un atacante podr\\u00eda automatizar este ataque para lograr un DoS persistente, inutilizando efectivamente el controlador de destino\"}]",
      "id": "CVE-2022-31482",
      "lastModified": "2024-11-21T07:04:33.063",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"productsecurity@carrier.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-06-06T17:15:11.210",
      "references": "[{\"url\": \"https://www.corporate.carrier.com/product-security/advisories-resources/\", \"source\": \"productsecurity@carrier.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.corporate.carrier.com/product-security/advisories-resources/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "productsecurity@carrier.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"productsecurity@carrier.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-120\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-120\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-31482\",\"sourceIdentifier\":\"productsecurity@carrier.com\",\"published\":\"2022-06-06T17:15:11.210\",\"lastModified\":\"2024-11-21T07:04:33.063\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless.\"},{\"lang\":\"es\",\"value\":\"Un atacante no autenticado puede enviar una petici\u00f3n HTTP no autenticada especialmente dise\u00f1ada al dispositivo que puede desbordar un b\u00fafer. Esta vulnerabilidad afecta a los productos basados en los controladores inteligentes HID Mercury LP1501, LP1502, LP2500, LP4502 y EP4502 que contienen versiones de firmware anteriores a la 1.29. El desbordamiento de datos conlleva un fallo de segmentaci\u00f3n y, en \u00faltima instancia, una condici\u00f3n de denegaci\u00f3n de servicio, causando el reinicio del dispositivo. El impacto de esta vulnerabilidad es que un atacante no autenticado podr\u00eda aprovechar este fallo para causar que el dispositivo de destino deje de responder. Un atacante podr\u00eda automatizar este ataque para lograr un DoS persistente, inutilizando efectivamente el controlador de destino\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"productsecurity@carrier.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"productsecurity@carrier.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hidglobal:lp1501_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.29\",\"matchCriteriaId\":\"35999FD6-AC96-446D-8A53-F976B1E77CAD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hidglobal:lp1501:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9DC3EC5-C67D-4FE5-8B53-04AB785588FE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hidglobal:lp1502_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.29\",\"matchCriteriaId\":\"91D69F6B-3372-4B8C-BA65-8D06150B0332\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hidglobal:lp1502:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"902FDABA-C5D0-4CAE-BBDF-E4338D3A4DAF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hidglobal:lp2500_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.29\",\"matchCriteriaId\":\"94431442-0D7F-422F-8AB8-7F7BF6069134\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hidglobal:lp2500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAC2A69E-BF7D-448B-8347-19CFFABED15A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hidglobal:lp4502_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.29\",\"matchCriteriaId\":\"8A199648-AE0D-44CB-82A8-A8265A7C71F2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hidglobal:lp4502:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22147A65-6ADE-46F3-AFF8-E46CE81D6E8B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hidglobal:ep4502_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.29\",\"matchCriteriaId\":\"166388C7-1B28-42C1-941C-55B54EB311FB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hidglobal:ep4502:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9A28A38-C57D-4FC6-8CAA-0011AF06D290\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:carrier:lenels2_lnl-4420_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.29\",\"matchCriteriaId\":\"D07F4655-BF3F-4AF6-A05E-B9CF03F8F9D3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:carrier:lenels2_lnl-4420:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36855319-E36B-47C3-B27E-E1509D1C9D4D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:carrier:lenels2_lnl-x2210_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.29\",\"matchCriteriaId\":\"655117A6-848B-4F24-9315-C72926BE4633\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:carrier:lenels2_lnl-x2210:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B091C8F-2C3A-47C9-92AC-550D977F781A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:carrier:lenels2_lnl-x2220_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.29\",\"matchCriteriaId\":\"7CCACB0A-D4AD-4D2C-8511-0F83B124C810\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:carrier:lenels2_lnl-x2220:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15FD8460-39D0-46C4-9F04-EB3B6C72767A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:carrier:lenels2_lnl-x3300_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.29\",\"matchCriteriaId\":\"E0726F2A-43BF-4D32-A1B7-97D67A3BDC2B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:carrier:lenels2_lnl-x3300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"389BE7A1-1B57-4097-9AAF-A6931C06BA15\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:carrier:lenels2_lnl-x4420_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.29\",\"matchCriteriaId\":\"A2FFA3E9-5658-4A94-BFA4-652595F2581C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:carrier:lenels2_lnl-x4420:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BC2BAEA-E139-47C2-9A8F-857AB1C7D54B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:carrier:lenels2_s2-lp-1501_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.29\",\"matchCriteriaId\":\"BF902078-8407-403D-8226-1614E1982CD7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:carrier:lenels2_s2-lp-1501:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3183C665-CD31-446D-8D95-908148675D25\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:carrier:lenels2_s2-lp-1502_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.29\",\"matchCriteriaId\":\"A703D6D9-C649-41C5-9C64-1E8FE3588B6A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:carrier:lenels2_s2-lp-1502:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93B38941-79D8-41E7-9763-989C0C3B6139\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:carrier:lenels2_s2-lp-2500_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.29\",\"matchCriteriaId\":\"2544AB9B-EDE0-4738-BA09-C652E58FDC6A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:carrier:lenels2_s2-lp-2500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1724D78F-EE79-4E48-BDB2-D399C573F42D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:carrier:lenels2_s2-lp-4502_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.29\",\"matchCriteriaId\":\"6D68BAE0-DB10-42FD-885A-CEE8CFA36BEC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:carrier:lenels2_s2-lp-4502:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"115129D2-5134-4BCD-B5D0-263F4687B59D\"}]}]}],\"references\":[{\"url\":\"https://www.corporate.carrier.com/product-security/advisories-resources/\",\"source\":\"productsecurity@carrier.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.corporate.carrier.com/product-security/advisories-resources/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2022-77063

Vulnerability from cnvd - Published: 2022-11-15

Title

Carrier LenelS2 HID Mercury access panels缓冲区溢出漏洞（CNVD-2022-77063）

Description

Carrier LenelS2 HID Mercury access panels是美国Carrier公司的一个控制器面板。 Carrier LenelS2 HID Mercury access panels存在缓冲区溢出漏洞，攻击者可利用该漏洞向设备发送一个特别制作的未经身份验证的HTTP请求，该请求会溢出缓冲区。

Severity

高

Patch Name

Carrier LenelS2 HID Mercury access panels缓冲区溢出漏洞（CNVD-2022-77063）的补丁

Patch Description

Carrier LenelS2 HID Mercury access panels是美国Carrier公司的一个控制器面板。 Carrier LenelS2 HID Mercury access panels存在缓冲区溢出漏洞，攻击者可利用该漏洞向设备发送一个特别制作的未经身份验证的HTTP请求，该请求会溢出缓冲区。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.corporate.carrier.com/Images/CARR-PSA-HID-Mercury-Vulnerabilities-006-0622_tcm558-170514.pdf

Reference

https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-01

Impacted products

Name
['Carrier LenelS2 LNL-X3300', 'Carrier LenelS2 LNL-X4420', 'Carrier LenelS2 LNL-4420', 'Carrier LenelS2 S2-LP-1501', 'Carrier LenelS2 S2-LP-4502', 'Carrier LenelS2 S2-LP-2500', 'Carrier LenelS2 S2-LP-1502', 'Carrier LenelS2 LNL-X2210', 'Carrier LenelS2 LNL-X2220']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-31482"
    }
  },
  "description": "Carrier LenelS2 HID Mercury access panels\u662f\u7f8e\u56fdCarrier\u516c\u53f8\u7684\u4e00\u4e2a\u63a7\u5236\u5668\u9762\u677f\u3002\n\nCarrier LenelS2 HID Mercury access panels\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5411\u8bbe\u5907\u53d1\u9001\u4e00\u4e2a\u7279\u522b\u5236\u4f5c\u7684\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684HTTP\u8bf7\u6c42\uff0c\u8be5\u8bf7\u6c42\u4f1a\u6ea2\u51fa\u7f13\u51b2\u533a\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.corporate.carrier.com/Images/CARR-PSA-HID-Mercury-Vulnerabilities-006-0622_tcm558-170514.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-77063",
  "openTime": "2022-11-15",
  "patchDescription": "Carrier LenelS2 HID Mercury access panels\u662f\u7f8e\u56fdCarrier\u516c\u53f8\u7684\u4e00\u4e2a\u63a7\u5236\u5668\u9762\u677f\u3002\r\n\r\nCarrier LenelS2 HID Mercury access panels\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5411\u8bbe\u5907\u53d1\u9001\u4e00\u4e2a\u7279\u522b\u5236\u4f5c\u7684\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684HTTP\u8bf7\u6c42\uff0c\u8be5\u8bf7\u6c42\u4f1a\u6ea2\u51fa\u7f13\u51b2\u533a\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Carrier LenelS2 HID Mercury access panels\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2022-77063\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Carrier LenelS2 LNL-X3300",
      "Carrier LenelS2 LNL-X4420",
      "Carrier LenelS2 LNL-4420",
      "Carrier LenelS2 S2-LP-1501",
      "Carrier LenelS2 S2-LP-4502",
      "Carrier LenelS2 S2-LP-2500",
      "Carrier LenelS2 S2-LP-1502",
      "Carrier LenelS2 LNL-X2210",
      "Carrier LenelS2 LNL-X2220"
    ]
  },
  "referenceLink": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-01",
  "serverity": "\u9ad8",
  "submitTime": "2022-06-05",
  "title": "Carrier LenelS2 HID Mercury access panels\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2022-77063\uff09"
}

GHSA-4QF2-7M52-QFP8

Vulnerability from github – Published: 2022-06-07 00:00 – Updated: 2022-06-18 00:00

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-31482"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-120"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-06T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless.",
  "id": "GHSA-4qf2-7m52-qfp8",
  "modified": "2022-06-18T00:00:27Z",
  "published": "2022-06-07T00:00:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31482"
    },
    {
      "type": "WEB",
      "url": "https://www.corporate.carrier.com/product-security/advisories-resources"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

ICSA-22-153-01

Vulnerability from csaf_cisa - Published: 2022-06-02 00:00 - Updated: 2022-06-02 00:00

Summary

Carrier LenelS2 HID Mercury access panels

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities could allow an attacker access to the device, allowing monitoring of all communications sent to and from the device, modification of onboard relays, changing of configuration files, device instability, and a denial-of-service condition.

Critical infrastructure sectors

Commercial Facilities

Countries/areas deployed

United States

Company headquarters location

United States

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/icsSeveral recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov/icsin the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Sam Quinn @eAyeP",
          "Steve Povolny @spovolny"
        ],
        "organization": "Trellix Threat Labs",
        "summary": "reporting these vulnerabilities to Carrier"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow an attacker access to the device, allowing monitoring of all communications sent to and from the device, modification of onboard relays, changing of configuration files, device instability, and a denial-of-service condition.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Commercial Facilities",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/icsSeveral recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov/icsin the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-22-153-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-153-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-22-153-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-153-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Carrier LenelS2 HID Mercury access panels",
    "tracking": {
      "current_release_date": "2022-06-02T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-22-153-01",
      "initial_release_date": "2022-06-02T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2022-06-02T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-22-153-01 Carrier LenelS2 HID Mercury access panels"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "LNL-X2210",
                "product": {
                  "name": "HID Mercury access panels sold by LenelS2 - LNL-X2210",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "HID Mercury access panels sold by LenelS2"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "LNL-X2220",
                "product": {
                  "name": "HID Mercury access panels sold by LenelS2 - LNL-X2220",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "HID Mercury access panels sold by LenelS2"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "LNL-X3300",
                "product": {
                  "name": "HID Mercury access panels sold by LenelS2 - LNL-X3300",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "HID Mercury access panels sold by LenelS2"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "LNL-X4420",
                "product": {
                  "name": "HID Mercury access panels sold by LenelS2 - LNL-X4420",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "HID Mercury access panels sold by LenelS2"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "LNL-4420",
                "product": {
                  "name": "HID Mercury access panels sold by LenelS2 - LNL-4420",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "HID Mercury access panels sold by LenelS2"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "S2-LP-1501",
                "product": {
                  "name": "HID Mercury access panels sold by LenelS2 - S2-LP-1501",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "HID Mercury access panels sold by LenelS2"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "S2-LP-4502",
                "product": {
                  "name": "HID Mercury access panels sold by LenelS2 - S2-LP-4502",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "HID Mercury access panels sold by LenelS2"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "S2-LP-2500",
                "product": {
                  "name": "HID Mercury access panels sold by LenelS2 - S2-LP-2500",
                  "product_id": "CSAFPID-0008"
                }
              }
            ],
            "category": "product_name",
            "name": "HID Mercury access panels sold by LenelS2"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "S2-LP-1502",
                "product": {
                  "name": "HID Mercury access panels sold by LenelS2 - S2-LP-1502",
                  "product_id": "CSAFPID-0009"
                }
              }
            ],
            "category": "product_name",
            "name": "HID Mercury access panels sold by LenelS2"
          }
        ],
        "category": "vendor",
        "name": "Carrier LenelS2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-31479",
      "cwe": {
        "id": "CWE-693",
        "name": "Protection Mechanism Failure"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An unauthenticated attacker can update the hostname with a specially crafted name, allowing shell command execution during the core collection process.CVE-2022-31479 has been assigned to this vulnerability. A CVSS v3 base score of 9.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31479"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Carrier recommends updating these access panels to the most current released firmware via the LenelS2 Partner Center. Please contact a Carrier support channel partner for instructions.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.corporate.carrier.com/contact-us/"
        },
        {
          "category": "mitigation",
          "details": "The controller can also be configured to disable web access, which prevents remote login into the controller\u0027s webpage. To log in, see the specific instructions in CARR-PSA-006-0622",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        },
        {
          "category": "mitigation",
          "details": "Carrier has published CARR-PSA-006-0622 to notify users about these vulnerabilities, providing additional mitigation instructions.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2022-31480",
      "cwe": {
        "id": "CWE-425",
        "name": "Direct Request (\u0027Forced Browsing\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a denial-of-service condition.CVE-2022-31480 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31480"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Carrier recommends updating these access panels to the most current released firmware via the LenelS2 Partner Center. Please contact a Carrier support channel partner for instructions.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.corporate.carrier.com/contact-us/"
        },
        {
          "category": "mitigation",
          "details": "The controller can also be configured to disable web access, which prevents remote login into the controller\u0027s webpage. To log in, see the specific instructions in CARR-PSA-006-0622",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        },
        {
          "category": "mitigation",
          "details": "Carrier has published CARR-PSA-006-0622 to notify users about these vulnerabilities, providing additional mitigation instructions.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2022-31481",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer.CVE-2022-31481 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31481"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Carrier recommends updating these access panels to the most current released firmware via the LenelS2 Partner Center. Please contact a Carrier support channel partner for instructions.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.corporate.carrier.com/contact-us/"
        },
        {
          "category": "mitigation",
          "details": "The controller can also be configured to disable web access, which prevents remote login into the controller\u0027s webpage. To log in, see the specific instructions in CARR-PSA-006-0622",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        },
        {
          "category": "mitigation",
          "details": "Carrier has published CARR-PSA-006-0622 to notify users about these vulnerabilities, providing additional mitigation instructions.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2022-31482",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer.CVE-2022-31482 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31482"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Carrier recommends updating these access panels to the most current released firmware via the LenelS2 Partner Center. Please contact a Carrier support channel partner for instructions.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.corporate.carrier.com/contact-us/"
        },
        {
          "category": "mitigation",
          "details": "The controller can also be configured to disable web access, which prevents remote login into the controller\u0027s webpage. To log in, see the specific instructions in CARR-PSA-006-0622",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        },
        {
          "category": "mitigation",
          "details": "Carrier has published CARR-PSA-006-0622 to notify users about these vulnerabilities, providing additional mitigation instructions.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2022-31483",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An authenticated attacker can manipulate a filename to achieve the ability to upload the desired file anywhere on the filesystem.CVE-2022-31483 has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31483"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Carrier recommends updating these access panels to the most current released firmware via the LenelS2 Partner Center. Please contact a Carrier support channel partner for instructions.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.corporate.carrier.com/contact-us/"
        },
        {
          "category": "mitigation",
          "details": "The controller can also be configured to disable web access, which prevents remote login into the controller\u0027s webpage. To log in, see the specific instructions in CARR-PSA-006-0622",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        },
        {
          "category": "mitigation",
          "details": "Carrier has published CARR-PSA-006-0622 to notify users about these vulnerabilities, providing additional mitigation instructions.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2022-31484",
      "cwe": {
        "id": "CWE-425",
        "name": "Direct Request (\u0027Forced Browsing\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface.CVE-2022-31484 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31484"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Carrier recommends updating these access panels to the most current released firmware via the LenelS2 Partner Center. Please contact a Carrier support channel partner for instructions.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.corporate.carrier.com/contact-us/"
        },
        {
          "category": "mitigation",
          "details": "The controller can also be configured to disable web access, which prevents remote login into the controller\u0027s webpage. To log in, see the specific instructions in CARR-PSA-006-0622",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        },
        {
          "category": "mitigation",
          "details": "Carrier has published CARR-PSA-006-0622 to notify users about these vulnerabilities, providing additional mitigation instructions.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2022-31485",
      "cwe": {
        "id": "CWE-425",
        "name": "Direct Request (\u0027Forced Browsing\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An unauthenticated attacker can send a specially crafted packet to update the notes section on the home page of the web interface.CVE-2022-31485 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31485"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Carrier recommends updating these access panels to the most current released firmware via the LenelS2 Partner Center. Please contact a Carrier support channel partner for instructions.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.corporate.carrier.com/contact-us/"
        },
        {
          "category": "mitigation",
          "details": "The controller can also be configured to disable web access, which prevents remote login into the controller\u0027s webpage. To log in, see the specific instructions in CARR-PSA-006-0622",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        },
        {
          "category": "mitigation",
          "details": "Carrier has published CARR-PSA-006-0622 to notify users about these vulnerabilities, providing additional mitigation instructions.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2022-31486",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An authenticated attacker can send a specially crafted route to a specific binary causing it to execute shell commands.CVE-2022-31486 has been assigned to this vulnerability. A CVSS v3 base score 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31486"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Carrier recommends updating these access panels to the most current released firmware via the LenelS2 Partner Center. Please contact a Carrier support channel partner for instructions.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.corporate.carrier.com/contact-us/"
        },
        {
          "category": "mitigation",
          "details": "The controller can also be configured to disable web access, which prevents remote login into the controller\u0027s webpage. To log in, see the specific instructions in CARR-PSA-006-0622",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        },
        {
          "category": "mitigation",
          "details": "Carrier has published CARR-PSA-006-0622 to notify users about these vulnerabilities, providing additional mitigation instructions.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        }
      ]
    }
  ]
}

FKIE_CVE-2022-31482

Vulnerability from fkie_nvd - Published: 2022-06-06 17:15 - Updated: 2024-11-21 07:04

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	productsecurity@carrier.com	https://www.corporate.carrier.com/product-security/advisories-resources/	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.corporate.carrier.com/product-security/advisories-resources/	Vendor Advisory

Impacted products

Vendor	Product	Version
hidglobal	lp1501_firmware	*
hidglobal	lp1501	-
hidglobal	lp1502_firmware	*
hidglobal	lp1502	-
hidglobal	lp2500_firmware	*
hidglobal	lp2500	-
hidglobal	lp4502_firmware	*
hidglobal	lp4502	-
hidglobal	ep4502_firmware	*
hidglobal	ep4502	-
carrier	lenels2_lnl-4420_firmware	*
carrier	lenels2_lnl-4420	-
carrier	lenels2_lnl-x2210_firmware	*
carrier	lenels2_lnl-x2210	-
carrier	lenels2_lnl-x2220_firmware	*
carrier	lenels2_lnl-x2220	-
carrier	lenels2_lnl-x3300_firmware	*
carrier	lenels2_lnl-x3300	-
carrier	lenels2_lnl-x4420_firmware	*
carrier	lenels2_lnl-x4420	-
carrier	lenels2_s2-lp-1501_firmware	*
carrier	lenels2_s2-lp-1501	-
carrier	lenels2_s2-lp-1502_firmware	*
carrier	lenels2_s2-lp-1502	-
carrier	lenels2_s2-lp-2500_firmware	*
carrier	lenels2_s2-lp-2500	-
carrier	lenels2_s2-lp-4502_firmware	*
carrier	lenels2_s2-lp-4502	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hidglobal:lp1501_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "35999FD6-AC96-446D-8A53-F976B1E77CAD",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hidglobal:lp1501:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9DC3EC5-C67D-4FE5-8B53-04AB785588FE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hidglobal:lp1502_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "91D69F6B-3372-4B8C-BA65-8D06150B0332",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hidglobal:lp1502:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "902FDABA-C5D0-4CAE-BBDF-E4338D3A4DAF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hidglobal:lp2500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "94431442-0D7F-422F-8AB8-7F7BF6069134",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hidglobal:lp2500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAC2A69E-BF7D-448B-8347-19CFFABED15A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hidglobal:lp4502_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A199648-AE0D-44CB-82A8-A8265A7C71F2",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hidglobal:lp4502:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22147A65-6ADE-46F3-AFF8-E46CE81D6E8B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hidglobal:ep4502_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "166388C7-1B28-42C1-941C-55B54EB311FB",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hidglobal:ep4502:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9A28A38-C57D-4FC6-8CAA-0011AF06D290",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:carrier:lenels2_lnl-4420_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D07F4655-BF3F-4AF6-A05E-B9CF03F8F9D3",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:carrier:lenels2_lnl-4420:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "36855319-E36B-47C3-B27E-E1509D1C9D4D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:carrier:lenels2_lnl-x2210_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "655117A6-848B-4F24-9315-C72926BE4633",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:carrier:lenels2_lnl-x2210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B091C8F-2C3A-47C9-92AC-550D977F781A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:carrier:lenels2_lnl-x2220_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCACB0A-D4AD-4D2C-8511-0F83B124C810",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:carrier:lenels2_lnl-x2220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "15FD8460-39D0-46C4-9F04-EB3B6C72767A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:carrier:lenels2_lnl-x3300_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0726F2A-43BF-4D32-A1B7-97D67A3BDC2B",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:carrier:lenels2_lnl-x3300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "389BE7A1-1B57-4097-9AAF-A6931C06BA15",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:carrier:lenels2_lnl-x4420_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2FFA3E9-5658-4A94-BFA4-652595F2581C",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:carrier:lenels2_lnl-x4420:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BC2BAEA-E139-47C2-9A8F-857AB1C7D54B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:carrier:lenels2_s2-lp-1501_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF902078-8407-403D-8226-1614E1982CD7",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:carrier:lenels2_s2-lp-1501:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3183C665-CD31-446D-8D95-908148675D25",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:carrier:lenels2_s2-lp-1502_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A703D6D9-C649-41C5-9C64-1E8FE3588B6A",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:carrier:lenels2_s2-lp-1502:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "93B38941-79D8-41E7-9763-989C0C3B6139",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:carrier:lenels2_s2-lp-2500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2544AB9B-EDE0-4738-BA09-C652E58FDC6A",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:carrier:lenels2_s2-lp-2500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1724D78F-EE79-4E48-BDB2-D399C573F42D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:carrier:lenels2_s2-lp-4502_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D68BAE0-DB10-42FD-885A-CEE8CFA36BEC",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:carrier:lenels2_s2-lp-4502:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "115129D2-5134-4BCD-B5D0-263F4687B59D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless."
    },
    {
      "lang": "es",
      "value": "Un atacante no autenticado puede enviar una petici\u00f3n HTTP no autenticada especialmente dise\u00f1ada al dispositivo que puede desbordar un b\u00fafer. Esta vulnerabilidad afecta a los productos basados en los controladores inteligentes HID Mercury LP1501, LP1502, LP2500, LP4502 y EP4502 que contienen versiones de firmware anteriores a la 1.29. El desbordamiento de datos conlleva un fallo de segmentaci\u00f3n y, en \u00faltima instancia, una condici\u00f3n de denegaci\u00f3n de servicio, causando el reinicio del dispositivo. El impacto de esta vulnerabilidad es que un atacante no autenticado podr\u00eda aprovechar este fallo para causar que el dispositivo de destino deje de responder. Un atacante podr\u00eda automatizar este ataque para lograr un DoS persistente, inutilizando efectivamente el controlador de destino"
    }
  ],
  "id": "CVE-2022-31482",
  "lastModified": "2024-11-21T07:04:33.063",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "productsecurity@carrier.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-06-06T17:15:11.210",
  "references": [
    {
      "source": "productsecurity@carrier.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
    }
  ],
  "sourceIdentifier": "productsecurity@carrier.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "productsecurity@carrier.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2022-31482

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-31482

Aliases

CVE-2022-31482

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-31482",
    "description": "An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless.",
    "id": "GSD-2022-31482"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-31482"
      ],
      "details": "An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless.",
      "id": "GSD-2022-31482",
      "modified": "2023-12-13T01:19:18.206443Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productsecurity@carrier.com",
        "DATE_PUBLIC": "2022-06-02T22:00:00.000Z",
        "ID": "CVE-2022-31482",
        "STATE": "PUBLIC",
        "TITLE": "Denial-of-Service via internal structure overflow"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "LNL-X2210",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "ALL",
                          "version_value": "1.29"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "LNL-X2220",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "ALL",
                          "version_value": "1.29"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "LNL-X3300",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "ALL",
                          "version_value": "1.29"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "LNL-X4420",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "ALL",
                          "version_value": "1.29"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "LNL-4420",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "ALL",
                          "version_value": "1.29"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "S2-LP-1501",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "ALL",
                          "version_value": "1.29"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "S2-LP-1502",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "ALL",
                          "version_value": "1.29"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "S2-LP-2500",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "ALL",
                          "version_value": "1.29"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "S2-LP-4502",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "ALL",
                          "version_value": "1.29"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "LenelS2"
            },
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "LP1501",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "ALL",
                          "version_value": "1.29"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "LP1502",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "ALL",
                          "version_value": "1.29"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "LP2500",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "ALL",
                          "version_value": "1.29"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "LP4502",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "ALL",
                          "version_value": "1.29"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "EP4502",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "ALL",
                          "version_value": "1.29"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "HID Mercury"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-120 Buffer Overflow"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.corporate.carrier.com/product-security/advisories-resources/",
            "refsource": "MISC",
            "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "Update to the latest version of firmware"
        }
      ],
      "source": {
        "advisory": "CARR-PSA-006-0522",
        "discovery": "EXTERNAL"
      },
      "work_around": [
        {
          "lang": "eng",
          "value": "Disable the controller\u0027s Web Server.  \nWhen the controller is configured to disable web access, you cannot remotely login into the controller\u2019s web page.\n1. Login to controller web pages\n2. Go to \u201cUsers\u201d Tab\n3. Near bottom of the Users page, check option to \u201cDisable Web Server\u201d\n4. Then select \u201cSubmit\u201d at the bottom of the page\n5. Then select \u201cApply Settings\u201d tab\n6. And on that page, select button \u201cApply Settings, Reboot\u201d\nThe Controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON, on the controller."
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hidglobal:lp1501_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.29",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hidglobal:lp1501:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hidglobal:lp1502_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.29",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hidglobal:lp1502:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hidglobal:lp2500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.29",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hidglobal:lp2500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hidglobal:lp4502_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.29",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hidglobal:lp4502:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hidglobal:ep4502_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.29",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hidglobal:ep4502:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:carrier:lenels2_lnl-4420_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.29",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:carrier:lenels2_lnl-4420:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:carrier:lenels2_lnl-x2210_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.29",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:carrier:lenels2_lnl-x2210:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:carrier:lenels2_lnl-x2220_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.29",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:carrier:lenels2_lnl-x2220:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:carrier:lenels2_lnl-x3300_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.29",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:carrier:lenels2_lnl-x3300:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:carrier:lenels2_lnl-x4420_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.29",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:carrier:lenels2_lnl-x4420:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:carrier:lenels2_s2-lp-1501_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.29",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:carrier:lenels2_s2-lp-1501:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:carrier:lenels2_s2-lp-1502_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.29",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:carrier:lenels2_s2-lp-1502:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:carrier:lenels2_s2-lp-2500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.29",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:carrier:lenels2_s2-lp-2500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:carrier:lenels2_s2-lp-4502_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.29",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:carrier:lenels2_s2-lp-4502:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productsecurity@carrier.com",
          "ID": "CVE-2022-31482"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-120"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.corporate.carrier.com/product-security/advisories-resources/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-06-17T14:49Z",
      "publishedDate": "2022-06-06T17:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-31482 (GCVE-0-2022-31482)

CNVD-2022-77063

GHSA-4QF2-7M52-QFP8

ICSA-22-153-01

FKIE_CVE-2022-31482

GSD-2022-31482

Tags

Sightings

Nomenclature