CVE-2024-1578 (GCVE-0-2024-1578)
Vulnerability from cvelistv5 – Published: 2024-09-16 06:59 – Updated: 2024-09-16 14:33
VLAI?
Summary
The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users. Random characters being dropped from ID card numbers compromises the uniqueness of ID cards that can, therefore, result in a security issue if the users are using the ‘ID card self-registration’ function.
Severity ?
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Rebranded by NT-ware (originally developed and provided by rf IDEAS) | MiCard PLUS Ci |
Affected:
0.1.0.7
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nt-ware:micard_plus_ci:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "micard_plus_ci",
"vendor": "nt-ware",
"versions": [
{
"status": "affected",
"version": "0.1.0.7"
}
]
},
{
"cpes": [
"cpe:2.3:a:nt-ware:micard_plus_ble:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "micard_plus_ble",
"vendor": "nt-ware",
"versions": [
{
"status": "affected",
"version": "0.1.0.4"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-1578",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T14:25:22.510204Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T14:33:10.067Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"RDR-80031BKU-NT-20"
],
"product": "MiCard PLUS Ci",
"vendor": "Rebranded by NT-ware (originally developed and provided by rf IDEAS)",
"versions": [
{
"status": "affected",
"version": "0.1.0.7",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"modules": [
"RDR-30531EKU-NT-20"
],
"product": "MiCard PLUS BLE",
"vendor": "Rebranded by NT-ware (originally developed and provided by rf IDEAS)",
"versions": [
{
"status": "affected",
"version": "0.1.0.4",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-09-16T06:59:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users. Random characters being dropped from ID card numbers compromises the uniqueness of ID cards that can, therefore, result in a security issue if the users are using the \u2018ID card self-registration\u2019 function."
}
],
"value": "The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users. Random characters being dropped from ID card numbers compromises the uniqueness of ID cards that can, therefore, result in a security issue if the users are using the \u2018ID card self-registration\u2019 function."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Not applicable"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287: Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T06:59:35.306Z",
"orgId": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3",
"shortName": "Canon_EMEA"
},
"references": [
{
"tags": [
"vendor-advisory",
"mitigation"
],
"url": "https://ntware.atlassian.net/wiki/spaces/SA/pages/11973853216/2024+Security+Advisory+Multiple+MiCard+PLUS+card+reader+dropped+characters"
},
{
"tags": [
"vendor-advisory",
"mitigation"
],
"url": "https://www.canon-europe.com/psirt/advisory-information"
}
],
"source": {
"discovery": "USER"
},
"tags": [
"x_nt_ware",
"x_rf_ideas",
"x_third_party",
"x_canon_emea"
],
"title": "Multiple MiCard PLUS card reader dropped characters",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3",
"assignerShortName": "Canon_EMEA",
"cveId": "CVE-2024-1578",
"datePublished": "2024-09-16T06:59:35.306Z",
"dateReserved": "2024-02-16T10:45:13.818Z",
"dateUpdated": "2024-09-16T14:33:10.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:rfideas:micard_plus_ci_firmware:0.1.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF183E5B-D277-422A-AEC8-3FA8253BEFDA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:rfideas:micard_plus_ci:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34DA9EB3-51BA-4F27-83CF-25B1A4061C6E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:rfideas:micard_plus_ble_firmware:0.1.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D897A1C4-F336-49A2-B805-F6CFA20234A1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:rfideas:micard_plus_ble:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D784B14-21AE-4BF0-A1AF-3E43E85E7F79\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users. Random characters being dropped from ID card numbers compromises the uniqueness of ID cards that can, therefore, result in a security issue if the users are using the \\u2018ID card self-registration\\u2019 function.\"}, {\"lang\": \"es\", \"value\": \"Los lectores MiCard PLUS Ci y MiCard PLUS BLE desarrollados por rf IDEAS y renombrados por NT-ware tienen un fallo de firmware que puede provocar que se eliminen caracteres de forma aleatoria en algunas lecturas de tarjetas de identificaci\\u00f3n, lo que dar\\u00eda lugar a que se asignara un n\\u00famero de tarjeta de identificaci\\u00f3n incorrecto durante el autorregistro de la tarjeta de identificaci\\u00f3n y podr\\u00eda provocar intentos fallidos de inicio de sesi\\u00f3n para los usuarios finales. La eliminaci\\u00f3n aleatoria de caracteres de los n\\u00fameros de tarjeta de identificaci\\u00f3n compromete la unicidad de las tarjetas de identificaci\\u00f3n, lo que puede, por lo tanto, generar un problema de seguridad si los usuarios utilizan la funci\\u00f3n de \\\"autorregistro de tarjeta de identificaci\\u00f3n\\\".\"}]",
"id": "CVE-2024-1578",
"lastModified": "2024-09-20T13:53:31.657",
"metrics": "{\"cvssMetricV40\": [{\"source\": \"4586e0a2-224d-4f8a-9cb4-8882b208c0b3\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"HIGH\", \"vulnerableSystemIntegrity\": \"HIGH\", \"vulnerableSystemAvailability\": \"NONE\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}], \"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 0.5, \"impactScore\": 4.7}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 0.5, \"impactScore\": 4.7}]}",
"published": "2024-09-16T07:15:02.030",
"references": "[{\"url\": \"https://ntware.atlassian.net/wiki/spaces/SA/pages/11973853216/2024+Security+Advisory+Multiple+MiCard+PLUS+card+reader+dropped+characters\", \"source\": \"4586e0a2-224d-4f8a-9cb4-8882b208c0b3\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://www.canon-europe.com/psirt/advisory-information\", \"source\": \"4586e0a2-224d-4f8a-9cb4-8882b208c0b3\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"4586e0a2-224d-4f8a-9cb4-8882b208c0b3\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1287\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-1578\",\"sourceIdentifier\":\"4586e0a2-224d-4f8a-9cb4-8882b208c0b3\",\"published\":\"2024-09-16T07:15:02.030\",\"lastModified\":\"2024-09-20T13:53:31.657\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users. Random characters being dropped from ID card numbers compromises the uniqueness of ID cards that can, therefore, result in a security issue if the users are using the \u2018ID card self-registration\u2019 function.\"},{\"lang\":\"es\",\"value\":\"Los lectores MiCard PLUS Ci y MiCard PLUS BLE desarrollados por rf IDEAS y renombrados por NT-ware tienen un fallo de firmware que puede provocar que se eliminen caracteres de forma aleatoria en algunas lecturas de tarjetas de identificaci\u00f3n, lo que dar\u00eda lugar a que se asignara un n\u00famero de tarjeta de identificaci\u00f3n incorrecto durante el autorregistro de la tarjeta de identificaci\u00f3n y podr\u00eda provocar intentos fallidos de inicio de sesi\u00f3n para los usuarios finales. La eliminaci\u00f3n aleatoria de caracteres de los n\u00fameros de tarjeta de identificaci\u00f3n compromete la unicidad de las tarjetas de identificaci\u00f3n, lo que puede, por lo tanto, generar un problema de seguridad si los usuarios utilizan la funci\u00f3n de \\\"autorregistro de tarjeta de identificaci\u00f3n\\\".\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"4586e0a2-224d-4f8a-9cb4-8882b208c0b3\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.5,\"impactScore\":4.7},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.5,\"impactScore\":4.7}]},\"weaknesses\":[{\"source\":\"4586e0a2-224d-4f8a-9cb4-8882b208c0b3\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1287\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rfideas:micard_plus_ci_firmware:0.1.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF183E5B-D277-422A-AEC8-3FA8253BEFDA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rfideas:micard_plus_ci:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34DA9EB3-51BA-4F27-83CF-25B1A4061C6E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rfideas:micard_plus_ble_firmware:0.1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D897A1C4-F336-49A2-B805-F6CFA20234A1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rfideas:micard_plus_ble:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D784B14-21AE-4BF0-A1AF-3E43E85E7F79\"}]}]}],\"references\":[{\"url\":\"https://ntware.atlassian.net/wiki/spaces/SA/pages/11973853216/2024+Security+Advisory+Multiple+MiCard+PLUS+card+reader+dropped+characters\",\"source\":\"4586e0a2-224d-4f8a-9cb4-8882b208c0b3\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.canon-europe.com/psirt/advisory-information\",\"source\":\"4586e0a2-224d-4f8a-9cb4-8882b208c0b3\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"PHYSICAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-1578\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-16T14:25:22.510204Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:nt-ware:micard_plus_ci:*:*:*:*:*:*:*:*\"], \"vendor\": \"nt-ware\", \"product\": \"micard_plus_ci\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.1.0.7\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:nt-ware:micard_plus_ble:*:*:*:*:*:*:*:*\"], \"vendor\": \"nt-ware\", \"product\": \"micard_plus_ble\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.1.0.4\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-16T14:22:57.862Z\"}}], \"cna\": {\"tags\": [\"x_nt_ware\", \"x_rf_ideas\", \"x_third_party\", \"x_canon_emea\"], \"title\": \"Multiple MiCard PLUS card reader dropped characters\", \"source\": {\"discovery\": \"USER\"}, \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"Not applicable\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 5.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"PHYSICAL\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Rebranded by NT-ware (originally developed and provided by rf IDEAS)\", \"modules\": [\"RDR-80031BKU-NT-20\"], \"product\": \"MiCard PLUS Ci\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.1.0.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Rebranded by NT-ware (originally developed and provided by rf IDEAS)\", \"modules\": [\"RDR-30531EKU-NT-20\"], \"product\": \"MiCard PLUS BLE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.1.0.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"datePublic\": \"2024-09-16T06:59:00.000Z\", \"references\": [{\"url\": \"https://ntware.atlassian.net/wiki/spaces/SA/pages/11973853216/2024+Security+Advisory+Multiple+MiCard+PLUS+card+reader+dropped+characters\", \"tags\": [\"vendor-advisory\", \"mitigation\"]}, {\"url\": \"https://www.canon-europe.com/psirt/advisory-information\", \"tags\": [\"vendor-advisory\", \"mitigation\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users. Random characters being dropped from ID card numbers compromises the uniqueness of ID cards that can, therefore, result in a security issue if the users are using the \\u2018ID card self-registration\\u2019 function.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users. Random characters being dropped from ID card numbers compromises the uniqueness of ID cards that can, therefore, result in a security issue if the users are using the \\u2018ID card self-registration\\u2019 function.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1287\", \"description\": \"CWE-1287: Improper Validation of Specified Type of Input\"}]}], \"providerMetadata\": {\"orgId\": \"4586e0a2-224d-4f8a-9cb4-8882b208c0b3\", \"shortName\": \"Canon_EMEA\", \"dateUpdated\": \"2024-09-16T06:59:35.306Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-1578\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-16T14:33:10.067Z\", \"dateReserved\": \"2024-02-16T10:45:13.818Z\", \"assignerOrgId\": \"4586e0a2-224d-4f8a-9cb4-8882b208c0b3\", \"datePublished\": \"2024-09-16T06:59:35.306Z\", \"assignerShortName\": \"Canon_EMEA\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…