fkie_nvd - fkie_cve-2024-22388

FKIE_CVE-2024-22388

Vulnerability from fkie_nvd - Published: 2024-02-06 23:15 - Updated: 2024-11-21 08:56

Severity ?

5.9 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys.

References

URL	Tags
ics-cert@hq.dhs.gov	https://support.hidglobal.com/	Product
ics-cert@hq.dhs.gov	https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-01	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://support.hidglobal.com/	Product
af854a3a-2127-422b-91ae-364da2661108	https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-01	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
hidglobal	iclass_se_cp1000_encoder_firmware	*
hidglobal	iclass_se_cp1000_encoder	-
hidglobal	iclass_se_readers_firmware	*
hidglobal	iclass_se_readers	-
hidglobal	iclass_se_reader_modules_firmware	*
hidglobal	iclass_se_reader_modules	-
hidglobal	iclass_se_processors_firmware	*
hidglobal	iclass_se_processors	-
hidglobal	omnikey_5427ck_firmware	*
hidglobal	omnikey_5427ck	-
hidglobal	omnikey_5127ck_firmware	*
hidglobal	omnikey_5127ck	-
hidglobal	omnikey_5023_firmware	*
hidglobal	omnikey_5023	-
hidglobal	omnikey_5027_firmware	*
hidglobal	omnikey_5027	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hidglobal:iclass_se_cp1000_encoder_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA7199D9-8A09-4ABF-926C-BF4739222282",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hidglobal:iclass_se_cp1000_encoder:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BB854B8-F5E0-4A00-922C-5B62564DB158",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hidglobal:iclass_se_readers_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F84C363-45B4-40F9-8C8F-93394F2AF318",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hidglobal:iclass_se_readers:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08AA1F70-0EDD-498D-A60A-D7E769765A1B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hidglobal:iclass_se_reader_modules_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B5F3AFC-7213-41E7-800A-78BE8CA53515",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hidglobal:iclass_se_reader_modules:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "70B620F5-3B4E-4728-9066-506105282B91",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hidglobal:iclass_se_processors_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "95FA7393-0EF9-43A4-9F26-DB48FDC3DAE7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hidglobal:iclass_se_processors:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "029F78BB-6EFE-4CD1-80F3-2B5D476D049C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hidglobal:omnikey_5427ck_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70382765-8BA5-4114-9681-BC4118FD6E24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hidglobal:omnikey_5427ck:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "095B970F-BDB3-449D-8859-ED942B68EC99",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hidglobal:omnikey_5127ck_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AD6E73F-E3CA-412B-986F-8582269C2FC1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hidglobal:omnikey_5127ck:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB1E42B-DDCE-4333-B9A3-56E046988E40",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hidglobal:omnikey_5023_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9661B3-E09D-4A88-AB61-C68E3EC7024C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hidglobal:omnikey_5023:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA7B4826-9C1C-4685-AD9A-B2A89069A03F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hidglobal:omnikey_5027_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1833B4BD-0205-412A-BDEE-FE993620C941",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hidglobal:omnikey_5027:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "71567BE0-8B74-4AF2-840C-E52A31A95BC2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys."
    },
    {
      "lang": "es",
      "value": "Cierta configuraci\u00f3n disponible en el canal de comunicaci\u00f3n para codificadores podr\u00eda exponer datos confidenciales cuando se programan las tarjetas de configuraci\u00f3n del lector. Estos datos podr\u00edan incluir claves de administraci\u00f3n de dispositivos y credenciales."
    }
  ],
  "id": "CVE-2024-22388",
  "lastModified": "2024-11-21T08:56:10.547",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 4.0,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-02-06T23:15:08.707",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Product"
      ],
      "url": "https://support.hidglobal.com/"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://support.hidglobal.com/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1188"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

CVE-2024-22388 (GCVE-0-2024-22388)

Vulnerability from cvelistv5 – Published: 2024-02-06 23:06 – Updated: 2025-05-07 20:06

Title

Insecure Default Initialization of Resource in HID Global

Summary

Severity ?

5.9 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-1188 - Insecure Default Initialization of Resource

Assigner

icscert

References

URL

Tags

	https://www.cisa.gov/news-events/ics-advisories/i…
	https://support.hidglobal.com/

Impacted products

Vendor

Product

Version

HID Global

iCLASS SE CP1000 Encoder

Affected: All

HID Global	iCLASS SE Readers	Affected: All
HID Global	iCLASS SE Reader Modules	Affected: All
HID Global	iCLASS SE Processors	Affected: All
HID Global	OMNIKEY 5427CK Readers	Affected: All
HID Global	OMNIKEY 5127CK Readers	Affected: All
HID Global	OMNIKEY 5023 Readers	Affected: All
HID Global	OMNIKEY 5027 Readers	Affected: All

Credits

HID Global reported this vulnerability to CISA.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:43:34.563Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-01"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hidglobal.com/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-22388",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-15T05:16:03.307503Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-07T20:06:09.019Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "iCLASS SE CP1000 Encoder",
          "vendor": "HID Global",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "iCLASS SE Readers",
          "vendor": "HID Global",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "iCLASS SE Reader Modules",
          "vendor": "HID Global",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "iCLASS SE Processors",
          "vendor": "HID Global",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OMNIKEY 5427CK Readers",
          "vendor": "HID Global",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OMNIKEY 5127CK Readers",
          "vendor": "HID Global",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OMNIKEY 5023 Readers",
          "vendor": "HID Global",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OMNIKEY 5027 Readers",
          "vendor": "HID Global",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "HID Global reported this vulnerability to CISA."
        }
      ],
      "datePublic": "2024-02-06T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCertain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys.\u003c/span\u003e"
            }
          ],
          "value": "Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1188",
              "description": "CWE-1188 Insecure Default Initialization of Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-17T18:44:10.399Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-01"
        },
        {
          "url": "https://support.hidglobal.com/"
        }
      ],
      "source": {
        "advisory": "ICSA-24-037-01",
        "discovery": "INTERNAL"
      },
      "title": "Insecure Default Initialization of Resource in HID Global",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eHID advises users to take the following steps to mitigate these threats.\u003c/p\u003e\u003cp\u003eProtect your reader configuration cards.\u003c/p\u003e\u003cul\u003e\u003cli\u003eA malicious encoder or reader must be physically close to the reader configuration cards to communicate with them and extract information. Elite Key and Custom Key users that have kept their configuration cards secure should continue to be vigilant and restrict access to those cards.\u003cbr\u003eHID standard key users and other users who are concerned their keys may be compromised should consider steps to update the readers and credentials with new keys. To assist in this effort, HID will be introducing a free upgrade to the Elite Key program. Contact your HID representative for more information.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eProtect your credentials and disable legacy technologies.\u003c/p\u003e\u003cul\u003e\u003cli\u003eReading the PACS data from a credential is not enough to clone the credential for modern technologies like Seos and DESFire. These technologies use a credential key for authentication. However, if a system\u0027s readers still support legacy technologies (i.e., HID Prox, MiFARE Classic, etc.), then it may be possible to insert the credential information into a legacy technology credential that would be accepted by those readers. Users are encouraged to disable legacy credential technologies in their readers.\u003cbr\u003eFurther, physical credentials should always be kept safe by their users, and site managers should remind their users to be vigilant with their credentials and report missing or stolen cards.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eHarden your iCLASS SE Readers from configuration changes\u003c/p\u003e\u003cul\u003e\u003cli\u003eiCLASS SE Readers using firmware firmware version 8.6.04 or higher can use the HID Reader Manager application to prevent the readers from accepting configuration changes from configuration cards. After this is complete, users may then securely destroy their reader configuration cards.\u003cbr\u003eIf you need assistance, or if the reader firmware has not been updated to 8.6.04 or higher, contact HID Technical Support.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eHarden your HID OMNIKEY Readers, HID iCLASS SE Reader Modules, HID iCLASS SE Processors from configuration changes\u003c/p\u003e\u003cul\u003e\u003cli\u003eContact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.hidglobal.com/support\"\u003eHID\u003c/a\u003e\u0026nbsp;to receive a \"Shield Card\" that will prevent further configuration changes using reader configuration cards. After this is complete, users may then securely destroy their reader configuration cards.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "HID advises users to take the following steps to mitigate these threats.\n\nProtect your reader configuration cards.\n\n  *  A malicious encoder or reader must be physically close to the reader configuration cards to communicate with them and extract information. Elite Key and Custom Key users that have kept their configuration cards secure should continue to be vigilant and restrict access to those cards.\nHID standard key users and other users who are concerned their keys may be compromised should consider steps to update the readers and credentials with new keys. To assist in this effort, HID will be introducing a free upgrade to the Elite Key program. Contact your HID representative for more information.\n\n\nProtect your credentials and disable legacy technologies.\n\n  *  Reading the PACS data from a credential is not enough to clone the credential for modern technologies like Seos and DESFire. These technologies use a credential key for authentication. However, if a system\u0027s readers still support legacy technologies (i.e., HID Prox, MiFARE Classic, etc.), then it may be possible to insert the credential information into a legacy technology credential that would be accepted by those readers. Users are encouraged to disable legacy credential technologies in their readers.\nFurther, physical credentials should always be kept safe by their users, and site managers should remind their users to be vigilant with their credentials and report missing or stolen cards.\n\n\nHarden your iCLASS SE Readers from configuration changes\n\n  *  iCLASS SE Readers using firmware firmware version 8.6.04 or higher can use the HID Reader Manager application to prevent the readers from accepting configuration changes from configuration cards. After this is complete, users may then securely destroy their reader configuration cards.\nIf you need assistance, or if the reader firmware has not been updated to 8.6.04 or higher, contact HID Technical Support.\n\n\nHarden your HID OMNIKEY Readers, HID iCLASS SE Reader Modules, HID iCLASS SE Processors from configuration changes\n\n  *  Contact  HID https://www.hidglobal.com/support \u00a0to receive a \"Shield Card\" that will prevent further configuration changes using reader configuration cards. After this is complete, users may then securely destroy their reader configuration cards."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-22388",
    "datePublished": "2024-02-06T23:06:07.942Z",
    "dateReserved": "2024-01-25T17:05:42.446Z",
    "dateUpdated": "2025-05-07T20:06:09.019Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2024-22388

CVE-2024-22388 (GCVE-0-2024-22388)

Tags

Sightings

Nomenclature