FKIE_CVE-2022-31482

Vulnerability from fkie_nvd - Published: 2022-06-06 17:15 - Updated: 2024-11-21 07:04
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless.
References
productsecurity@carrier.comhttps://www.corporate.carrier.com/product-security/advisories-resources/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.corporate.carrier.com/product-security/advisories-resources/Vendor Advisory
Impacted products
Vendor Product Version
hidglobal lp1501_firmware *
hidglobal lp1501 -
hidglobal lp1502_firmware *
hidglobal lp1502 -
hidglobal lp2500_firmware *
hidglobal lp2500 -
hidglobal lp4502_firmware *
hidglobal lp4502 -
hidglobal ep4502_firmware *
hidglobal ep4502 -
carrier lenels2_lnl-4420_firmware *
carrier lenels2_lnl-4420 -
carrier lenels2_lnl-x2210_firmware *
carrier lenels2_lnl-x2210 -
carrier lenels2_lnl-x2220_firmware *
carrier lenels2_lnl-x2220 -
carrier lenels2_lnl-x3300_firmware *
carrier lenels2_lnl-x3300 -
carrier lenels2_lnl-x4420_firmware *
carrier lenels2_lnl-x4420 -
carrier lenels2_s2-lp-1501_firmware *
carrier lenels2_s2-lp-1501 -
carrier lenels2_s2-lp-1502_firmware *
carrier lenels2_s2-lp-1502 -
carrier lenels2_s2-lp-2500_firmware *
carrier lenels2_s2-lp-2500 -
carrier lenels2_s2-lp-4502_firmware *
carrier lenels2_s2-lp-4502 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hidglobal:lp1501_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "35999FD6-AC96-446D-8A53-F976B1E77CAD",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hidglobal:lp1501:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9DC3EC5-C67D-4FE5-8B53-04AB785588FE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hidglobal:lp1502_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "91D69F6B-3372-4B8C-BA65-8D06150B0332",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hidglobal:lp1502:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "902FDABA-C5D0-4CAE-BBDF-E4338D3A4DAF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hidglobal:lp2500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "94431442-0D7F-422F-8AB8-7F7BF6069134",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hidglobal:lp2500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAC2A69E-BF7D-448B-8347-19CFFABED15A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hidglobal:lp4502_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A199648-AE0D-44CB-82A8-A8265A7C71F2",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hidglobal:lp4502:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22147A65-6ADE-46F3-AFF8-E46CE81D6E8B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hidglobal:ep4502_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "166388C7-1B28-42C1-941C-55B54EB311FB",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hidglobal:ep4502:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9A28A38-C57D-4FC6-8CAA-0011AF06D290",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:carrier:lenels2_lnl-4420_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D07F4655-BF3F-4AF6-A05E-B9CF03F8F9D3",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:carrier:lenels2_lnl-4420:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "36855319-E36B-47C3-B27E-E1509D1C9D4D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:carrier:lenels2_lnl-x2210_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "655117A6-848B-4F24-9315-C72926BE4633",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:carrier:lenels2_lnl-x2210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B091C8F-2C3A-47C9-92AC-550D977F781A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:carrier:lenels2_lnl-x2220_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCACB0A-D4AD-4D2C-8511-0F83B124C810",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:carrier:lenels2_lnl-x2220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "15FD8460-39D0-46C4-9F04-EB3B6C72767A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:carrier:lenels2_lnl-x3300_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0726F2A-43BF-4D32-A1B7-97D67A3BDC2B",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:carrier:lenels2_lnl-x3300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "389BE7A1-1B57-4097-9AAF-A6931C06BA15",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:carrier:lenels2_lnl-x4420_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2FFA3E9-5658-4A94-BFA4-652595F2581C",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:carrier:lenels2_lnl-x4420:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BC2BAEA-E139-47C2-9A8F-857AB1C7D54B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:carrier:lenels2_s2-lp-1501_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF902078-8407-403D-8226-1614E1982CD7",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:carrier:lenels2_s2-lp-1501:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3183C665-CD31-446D-8D95-908148675D25",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:carrier:lenels2_s2-lp-1502_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A703D6D9-C649-41C5-9C64-1E8FE3588B6A",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:carrier:lenels2_s2-lp-1502:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "93B38941-79D8-41E7-9763-989C0C3B6139",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:carrier:lenels2_s2-lp-2500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2544AB9B-EDE0-4738-BA09-C652E58FDC6A",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:carrier:lenels2_s2-lp-2500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1724D78F-EE79-4E48-BDB2-D399C573F42D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:carrier:lenels2_s2-lp-4502_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D68BAE0-DB10-42FD-885A-CEE8CFA36BEC",
              "versionEndExcluding": "1.29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:carrier:lenels2_s2-lp-4502:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "115129D2-5134-4BCD-B5D0-263F4687B59D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless."
    },
    {
      "lang": "es",
      "value": "Un atacante no autenticado puede enviar una petici\u00f3n HTTP no autenticada especialmente dise\u00f1ada al dispositivo que puede desbordar un b\u00fafer. Esta vulnerabilidad afecta a los productos basados en los controladores inteligentes HID Mercury LP1501, LP1502, LP2500, LP4502 y EP4502 que contienen versiones de firmware anteriores a la 1.29. El desbordamiento de datos conlleva un fallo de segmentaci\u00f3n y, en \u00faltima instancia, una condici\u00f3n de denegaci\u00f3n de servicio, causando el reinicio del dispositivo. El impacto de esta vulnerabilidad es que un atacante no autenticado podr\u00eda aprovechar este fallo para causar que el dispositivo de destino deje de responder. Un atacante podr\u00eda automatizar este ataque para lograr un DoS persistente, inutilizando efectivamente el controlador de destino"
    }
  ],
  "id": "CVE-2022-31482",
  "lastModified": "2024-11-21T07:04:33.063",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "productsecurity@carrier.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-06-06T17:15:11.210",
  "references": [
    {
      "source": "productsecurity@carrier.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
    }
  ],
  "sourceIdentifier": "productsecurity@carrier.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "productsecurity@carrier.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.