Action not permitted
Modal body text goes here.
Modal Title
Modal Body
ICSA-22-153-01
Vulnerability from csaf_cisa - Published: 2022-06-02 00:00 - Updated: 2022-06-02 00:00Summary
Carrier LenelS2 HID Mercury access panels
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could allow an attacker access to the device, allowing monitoring of all communications sent to and from the device, modification of onboard relays, changing of configuration files, device instability, and a denial-of-service condition.
Critical infrastructure sectors
Commercial Facilities
Countries/areas deployed
United States
Company headquarters location
United States
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/icsSeveral recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov/icsin the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability
No known public exploits specifically target these vulnerabilities.
{
"document": {
"acknowledgments": [
{
"names": [
"Sam Quinn @eAyeP",
"Steve Povolny @spovolny"
],
"organization": "Trellix Threat Labs",
"summary": "reporting these vulnerabilities to Carrier"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow an attacker access to the device, allowing monitoring of all communications sent to and from the device, modification of onboard relays, changing of configuration files, device instability, and a denial-of-service condition.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Commercial Facilities",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "United States",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United States",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/icsSeveral recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov/icsin the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-22-153-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-153-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-153-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-153-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Carrier LenelS2 HID Mercury access panels",
"tracking": {
"current_release_date": "2022-06-02T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-22-153-01",
"initial_release_date": "2022-06-02T00:00:00.000000Z",
"revision_history": [
{
"date": "2022-06-02T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-22-153-01 Carrier LenelS2 HID Mercury access panels"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "LNL-X2210",
"product": {
"name": "HID Mercury access panels sold by LenelS2 - LNL-X2210",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "HID Mercury access panels sold by LenelS2"
},
{
"branches": [
{
"category": "product_version",
"name": "LNL-X2220",
"product": {
"name": "HID Mercury access panels sold by LenelS2 - LNL-X2220",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "HID Mercury access panels sold by LenelS2"
},
{
"branches": [
{
"category": "product_version",
"name": "LNL-X3300",
"product": {
"name": "HID Mercury access panels sold by LenelS2 - LNL-X3300",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "HID Mercury access panels sold by LenelS2"
},
{
"branches": [
{
"category": "product_version",
"name": "LNL-X4420",
"product": {
"name": "HID Mercury access panels sold by LenelS2 - LNL-X4420",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "HID Mercury access panels sold by LenelS2"
},
{
"branches": [
{
"category": "product_version",
"name": "LNL-4420",
"product": {
"name": "HID Mercury access panels sold by LenelS2 - LNL-4420",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "HID Mercury access panels sold by LenelS2"
},
{
"branches": [
{
"category": "product_version",
"name": "S2-LP-1501",
"product": {
"name": "HID Mercury access panels sold by LenelS2 - S2-LP-1501",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "HID Mercury access panels sold by LenelS2"
},
{
"branches": [
{
"category": "product_version",
"name": "S2-LP-4502",
"product": {
"name": "HID Mercury access panels sold by LenelS2 - S2-LP-4502",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "HID Mercury access panels sold by LenelS2"
},
{
"branches": [
{
"category": "product_version",
"name": "S2-LP-2500",
"product": {
"name": "HID Mercury access panels sold by LenelS2 - S2-LP-2500",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "HID Mercury access panels sold by LenelS2"
},
{
"branches": [
{
"category": "product_version",
"name": "S2-LP-1502",
"product": {
"name": "HID Mercury access panels sold by LenelS2 - S2-LP-1502",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "HID Mercury access panels sold by LenelS2"
}
],
"category": "vendor",
"name": "Carrier LenelS2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-31479",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"notes": [
{
"category": "summary",
"text": "An unauthenticated attacker can update the hostname with a specially crafted name, allowing shell command execution during the core collection process.CVE-2022-31479 has been assigned to this vulnerability. A CVSS v3 base score of 9.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31479"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Carrier recommends updating these access panels to the most current released firmware via the LenelS2 Partner Center. Please contact a Carrier support channel partner for instructions.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.corporate.carrier.com/contact-us/"
},
{
"category": "mitigation",
"details": "The controller can also be configured to disable web access, which prevents remote login into the controller\u0027s webpage. To log in, see the specific instructions in CARR-PSA-006-0622",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
},
{
"category": "mitigation",
"details": "Carrier has published CARR-PSA-006-0622 to notify users about these vulnerabilities, providing additional mitigation instructions.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
}
]
},
{
"cve": "CVE-2022-31480",
"cwe": {
"id": "CWE-425",
"name": "Direct Request (\u0027Forced Browsing\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a denial-of-service condition.CVE-2022-31480 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31480"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Carrier recommends updating these access panels to the most current released firmware via the LenelS2 Partner Center. Please contact a Carrier support channel partner for instructions.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.corporate.carrier.com/contact-us/"
},
{
"category": "mitigation",
"details": "The controller can also be configured to disable web access, which prevents remote login into the controller\u0027s webpage. To log in, see the specific instructions in CARR-PSA-006-0622",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
},
{
"category": "mitigation",
"details": "Carrier has published CARR-PSA-006-0622 to notify users about these vulnerabilities, providing additional mitigation instructions.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
}
]
},
{
"cve": "CVE-2022-31481",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer.CVE-2022-31481 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31481"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Carrier recommends updating these access panels to the most current released firmware via the LenelS2 Partner Center. Please contact a Carrier support channel partner for instructions.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.corporate.carrier.com/contact-us/"
},
{
"category": "mitigation",
"details": "The controller can also be configured to disable web access, which prevents remote login into the controller\u0027s webpage. To log in, see the specific instructions in CARR-PSA-006-0622",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
},
{
"category": "mitigation",
"details": "Carrier has published CARR-PSA-006-0622 to notify users about these vulnerabilities, providing additional mitigation instructions.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
}
]
},
{
"cve": "CVE-2022-31482",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer.CVE-2022-31482 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31482"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Carrier recommends updating these access panels to the most current released firmware via the LenelS2 Partner Center. Please contact a Carrier support channel partner for instructions.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.corporate.carrier.com/contact-us/"
},
{
"category": "mitigation",
"details": "The controller can also be configured to disable web access, which prevents remote login into the controller\u0027s webpage. To log in, see the specific instructions in CARR-PSA-006-0622",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
},
{
"category": "mitigation",
"details": "Carrier has published CARR-PSA-006-0622 to notify users about these vulnerabilities, providing additional mitigation instructions.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
}
]
},
{
"cve": "CVE-2022-31483",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An authenticated attacker can manipulate a filename to achieve the ability to upload the desired file anywhere on the filesystem.CVE-2022-31483 has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31483"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Carrier recommends updating these access panels to the most current released firmware via the LenelS2 Partner Center. Please contact a Carrier support channel partner for instructions.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.corporate.carrier.com/contact-us/"
},
{
"category": "mitigation",
"details": "The controller can also be configured to disable web access, which prevents remote login into the controller\u0027s webpage. To log in, see the specific instructions in CARR-PSA-006-0622",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
},
{
"category": "mitigation",
"details": "Carrier has published CARR-PSA-006-0622 to notify users about these vulnerabilities, providing additional mitigation instructions.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
}
]
},
{
"cve": "CVE-2022-31484",
"cwe": {
"id": "CWE-425",
"name": "Direct Request (\u0027Forced Browsing\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface.CVE-2022-31484 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31484"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Carrier recommends updating these access panels to the most current released firmware via the LenelS2 Partner Center. Please contact a Carrier support channel partner for instructions.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.corporate.carrier.com/contact-us/"
},
{
"category": "mitigation",
"details": "The controller can also be configured to disable web access, which prevents remote login into the controller\u0027s webpage. To log in, see the specific instructions in CARR-PSA-006-0622",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
},
{
"category": "mitigation",
"details": "Carrier has published CARR-PSA-006-0622 to notify users about these vulnerabilities, providing additional mitigation instructions.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
}
]
},
{
"cve": "CVE-2022-31485",
"cwe": {
"id": "CWE-425",
"name": "Direct Request (\u0027Forced Browsing\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An unauthenticated attacker can send a specially crafted packet to update the notes section on the home page of the web interface.CVE-2022-31485 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31485"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Carrier recommends updating these access panels to the most current released firmware via the LenelS2 Partner Center. Please contact a Carrier support channel partner for instructions.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.corporate.carrier.com/contact-us/"
},
{
"category": "mitigation",
"details": "The controller can also be configured to disable web access, which prevents remote login into the controller\u0027s webpage. To log in, see the specific instructions in CARR-PSA-006-0622",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
},
{
"category": "mitigation",
"details": "Carrier has published CARR-PSA-006-0622 to notify users about these vulnerabilities, providing additional mitigation instructions.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
}
]
},
{
"cve": "CVE-2022-31486",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An authenticated attacker can send a specially crafted route to a specific binary causing it to execute shell commands.CVE-2022-31486 has been assigned to this vulnerability. A CVSS v3 base score 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31486"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Carrier recommends updating these access panels to the most current released firmware via the LenelS2 Partner Center. Please contact a Carrier support channel partner for instructions.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.corporate.carrier.com/contact-us/"
},
{
"category": "mitigation",
"details": "The controller can also be configured to disable web access, which prevents remote login into the controller\u0027s webpage. To log in, see the specific instructions in CARR-PSA-006-0622",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
},
{
"category": "mitigation",
"details": "Carrier has published CARR-PSA-006-0622 to notify users about these vulnerabilities, providing additional mitigation instructions.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
}
]
}
]
}
CVE-2022-31486 (GCVE-0-2022-31486)
Vulnerability from cvelistv5 – Published: 2022-06-06 16:41 – Updated: 2024-09-16 18:03
VLAI?
EPSS
Summary
An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303 for the LP series and 1.297 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable.
Severity ?
8.8 (High)
CWE
- CWE-78 - OS Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| LenelS2 | LNL-X2210 |
Affected:
ALL , < 1.303
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LNL-X2210",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.303",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-X2220",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.303",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-X3300",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.303",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-X4420",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.303",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-4420",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.297",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-1501",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.303",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-1502",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.303",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-2500",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.303",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-4502",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.303",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP1501",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.303",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP1502",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.303",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP2500",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.303",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP4502",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.303",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "EP4502",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.297",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs"
}
],
"datePublic": "2022-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An authenticated attacker can send a specially crafted route to the \u201cedit_route.cgi\u201d binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303 for the LP series and 1.297 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T16:41:46",
"orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"shortName": "Carrier"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to the latest version of firmware"
}
],
"source": {
"advisory": "CARR-PSA-006-0522",
"discovery": "EXTERNAL"
},
"title": "Command injection via Advanced Networking route add functionality",
"workarounds": [
{
"lang": "en",
"value": "Disable the controller\u0027s Web Server. \nWhen the controller is configured to disable web access, you cannot remotely login into the controller\u2019s web page.\n1. Login to controller web pages\n2. Go to \u201cUsers\u201d Tab\n3. Near bottom of the Users page, check option to \u201cDisable Web Server\u201d\n4. Then select \u201cSubmit\u201d at the bottom of the page\n5. Then select \u201cApply Settings\u201d tab\n6. And on that page, select button \u201cApply Settings, Reboot\u201d\nThe Controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON, on the controller."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productsecurity@carrier.com",
"DATE_PUBLIC": "2022-06-02T22:00:00.000Z",
"ID": "CVE-2022-31486",
"STATE": "PUBLIC",
"TITLE": "Command injection via Advanced Networking route add functionality"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LNL-X2210",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.303"
}
]
}
},
{
"product_name": "LNL-X2220",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.303"
}
]
}
},
{
"product_name": "LNL-X3300",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.303"
}
]
}
},
{
"product_name": "LNL-X4420",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.303"
}
]
}
},
{
"product_name": "LNL-4420",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.297"
}
]
}
},
{
"product_name": "S2-LP-1501",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.303"
}
]
}
},
{
"product_name": "S2-LP-1502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.303"
}
]
}
},
{
"product_name": "S2-LP-2500",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.303"
}
]
}
},
{
"product_name": "S2-LP-4502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.303"
}
]
}
}
]
},
"vendor_name": "LenelS2"
},
{
"product": {
"product_data": [
{
"product_name": "LP1501",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.303"
}
]
}
},
{
"product_name": "LP1502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.303"
}
]
}
},
{
"product_name": "LP2500",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.303"
}
]
}
},
{
"product_name": "LP4502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.303"
}
]
}
},
{
"product_name": "EP4502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.297"
}
]
}
}
]
},
"vendor_name": "HID Mercury"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated attacker can send a specially crafted route to the \u201cedit_route.cgi\u201d binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303 for the LP series and 1.297 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.corporate.carrier.com/product-security/advisories-resources/",
"refsource": "MISC",
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to the latest version of firmware"
}
],
"source": {
"advisory": "CARR-PSA-006-0522",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable the controller\u0027s Web Server. \nWhen the controller is configured to disable web access, you cannot remotely login into the controller\u2019s web page.\n1. Login to controller web pages\n2. Go to \u201cUsers\u201d Tab\n3. Near bottom of the Users page, check option to \u201cDisable Web Server\u201d\n4. Then select \u201cSubmit\u201d at the bottom of the page\n5. Then select \u201cApply Settings\u201d tab\n6. And on that page, select button \u201cApply Settings, Reboot\u201d\nThe Controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON, on the controller."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"assignerShortName": "Carrier",
"cveId": "CVE-2022-31486",
"datePublished": "2022-06-06T16:41:46.407824Z",
"dateReserved": "2022-05-23T00:00:00",
"dateUpdated": "2024-09-16T18:03:16.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31481 (GCVE-0-2022-31481)
Vulnerability from cvelistv5 – Published: 2022-06-06 16:38 – Updated: 2024-09-16 16:12
VLAI?
EPSS
Summary
An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The overflowed data can allow the attacker to manipulate the “normal” code execution to that of their choosing. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable.
Severity ?
10 (Critical)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| LenelS2 | LNL-X2210 |
Affected:
ALL , < 1.302
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LNL-X2210",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-X2220",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-X3300",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-X4420",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-4420",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.296",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-1501",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-1502",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-2500",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-4502",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP1501",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP1502",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP2500",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP4502",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "EP4502",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.296",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs"
}
],
"datePublic": "2022-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The overflowed data can allow the attacker to manipulate the \u201cnormal\u201d code execution to that of their choosing. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T16:38:51",
"orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"shortName": "Carrier"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to the latest version of firmware"
}
],
"source": {
"advisory": "CARR-PSA-006-0522",
"discovery": "EXTERNAL"
},
"title": "Remote Code Execution via buffer overflow in firmware update process",
"workarounds": [
{
"lang": "en",
"value": "Disable the controller\u0027s Web Server. \nWhen the controller is configured to disable web access, you cannot remotely login into the controller\u2019s web page.\n1. Login to controller web pages\n2. Go to \u201cUsers\u201d Tab\n3. Near bottom of the Users page, check option to \u201cDisable Web Server\u201d\n4. Then select \u201cSubmit\u201d at the bottom of the page\n5. Then select \u201cApply Settings\u201d tab\n6. And on that page, select button \u201cApply Settings, Reboot\u201d\nThe Controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON, on the controller."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productsecurity@carrier.com",
"DATE_PUBLIC": "2022-06-02T22:00:00.000Z",
"ID": "CVE-2022-31481",
"STATE": "PUBLIC",
"TITLE": "Remote Code Execution via buffer overflow in firmware update process"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LNL-X2210",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "LNL-X2220",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "LNL-X3300",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "LNL-X4420",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "LNL-4420",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.296"
}
]
}
},
{
"product_name": "S2-LP-1501",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "S2-LP-1502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "S2-LP-2500",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "S2-LP-4502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
}
]
},
"vendor_name": "LenelS2"
},
{
"product": {
"product_data": [
{
"product_name": "LP1501",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "LP1502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "LP2500",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "LP4502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "EP4502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.296"
}
]
}
}
]
},
"vendor_name": "HID Mercury"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The overflowed data can allow the attacker to manipulate the \u201cnormal\u201d code execution to that of their choosing. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.corporate.carrier.com/product-security/advisories-resources/",
"refsource": "MISC",
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to the latest version of firmware"
}
],
"source": {
"advisory": "CARR-PSA-006-0522",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable the controller\u0027s Web Server. \nWhen the controller is configured to disable web access, you cannot remotely login into the controller\u2019s web page.\n1. Login to controller web pages\n2. Go to \u201cUsers\u201d Tab\n3. Near bottom of the Users page, check option to \u201cDisable Web Server\u201d\n4. Then select \u201cSubmit\u201d at the bottom of the page\n5. Then select \u201cApply Settings\u201d tab\n6. And on that page, select button \u201cApply Settings, Reboot\u201d\nThe Controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON, on the controller."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"assignerShortName": "Carrier",
"cveId": "CVE-2022-31481",
"datePublished": "2022-06-06T16:38:51.453086Z",
"dateReserved": "2022-05-23T00:00:00",
"dateUpdated": "2024-09-16T16:12:27.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31483 (GCVE-0-2022-31483)
Vulnerability from cvelistv5 – Published: 2022-06-06 16:39 – Updated: 2024-09-16 18:55
VLAI?
EPSS
Summary
An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.271. This allows a malicious actor to overwrite sensitive system files and install a startup service to gain remote access to the underlaying Linux operating system with root privileges.
Severity ?
9.1 (Critical)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| LenelS2 | LNL-X2210 |
Affected:
ALL , < 1.271
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LNL-X2210",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.271",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-X2220",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.271",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-X3300",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.271",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-X4420",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.271",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-4420",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.271",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-1501",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.271",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-1502",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.271",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-2500",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.271",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-4502",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.271",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP1501",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.271",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP1502",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.271",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP2500",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.271",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP4502",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.271",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "EP4502",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.271",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs"
}
],
"datePublic": "2022-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An authenticated attacker can upload a file with a filename including \u201c..\u201d and \u201c/\u201d to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.271. This allows a malicious actor to overwrite sensitive system files and install a startup service to gain remote access to the underlaying Linux operating system with root privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T16:39:56",
"orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"shortName": "Carrier"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to the latest version of firmware"
}
],
"source": {
"advisory": "CARR-PSA-006-0522",
"discovery": "EXTERNAL"
},
"title": "Arbitrary file write via authenticated OSDP file upload",
"workarounds": [
{
"lang": "en",
"value": "Disable the controller\u0027s Web Server. \nWhen the controller is configured to disable web access, you cannot remotely login into the controller\u2019s web page.\n1. Login to controller web pages\n2. Go to \u201cUsers\u201d Tab\n3. Near bottom of the Users page, check option to \u201cDisable Web Server\u201d\n4. Then select \u201cSubmit\u201d at the bottom of the page\n5. Then select \u201cApply Settings\u201d tab\n6. And on that page, select button \u201cApply Settings, Reboot\u201d\nThe Controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON, on the controller."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productsecurity@carrier.com",
"DATE_PUBLIC": "2022-06-02T22:00:00.000Z",
"ID": "CVE-2022-31483",
"STATE": "PUBLIC",
"TITLE": "Arbitrary file write via authenticated OSDP file upload"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LNL-X2210",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.271"
}
]
}
},
{
"product_name": "LNL-X2220",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.271"
}
]
}
},
{
"product_name": "LNL-X3300",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.271"
}
]
}
},
{
"product_name": "LNL-X4420",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.271"
}
]
}
},
{
"product_name": "LNL-4420",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.271"
}
]
}
},
{
"product_name": "S2-LP-1501",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.271"
}
]
}
},
{
"product_name": "S2-LP-1502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.271"
}
]
}
},
{
"product_name": "S2-LP-2500",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.271"
}
]
}
},
{
"product_name": "S2-LP-4502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.271"
}
]
}
}
]
},
"vendor_name": "LenelS2"
},
{
"product": {
"product_data": [
{
"product_name": "LP1501",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.271"
}
]
}
},
{
"product_name": "LP1502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.271"
}
]
}
},
{
"product_name": "LP2500",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.271"
}
]
}
},
{
"product_name": "LP4502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.271"
}
]
}
},
{
"product_name": "EP4502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.271"
}
]
}
}
]
},
"vendor_name": "HID Mercury"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated attacker can upload a file with a filename including \u201c..\u201d and \u201c/\u201d to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.271. This allows a malicious actor to overwrite sensitive system files and install a startup service to gain remote access to the underlaying Linux operating system with root privileges."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.corporate.carrier.com/product-security/advisories-resources/",
"refsource": "MISC",
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to the latest version of firmware"
}
],
"source": {
"advisory": "CARR-PSA-006-0522",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable the controller\u0027s Web Server. \nWhen the controller is configured to disable web access, you cannot remotely login into the controller\u2019s web page.\n1. Login to controller web pages\n2. Go to \u201cUsers\u201d Tab\n3. Near bottom of the Users page, check option to \u201cDisable Web Server\u201d\n4. Then select \u201cSubmit\u201d at the bottom of the page\n5. Then select \u201cApply Settings\u201d tab\n6. And on that page, select button \u201cApply Settings, Reboot\u201d\nThe Controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON, on the controller."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"assignerShortName": "Carrier",
"cveId": "CVE-2022-31483",
"datePublished": "2022-06-06T16:39:56.305369Z",
"dateReserved": "2022-05-23T00:00:00",
"dateUpdated": "2024-09-16T18:55:31.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31485 (GCVE-0-2022-31485)
Vulnerability from cvelistv5 – Published: 2022-06-06 16:41 – Updated: 2024-09-17 00:26
VLAI?
EPSS
Summary
An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29.
Severity ?
5.3 (Medium)
CWE
- CWE-425 - Direct Request (Forced Browsing)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| LenelS2 | LNL-X2210 |
Affected:
ALL , < 1.29
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LNL-X2210",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-X2220",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-X3300",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-X4420",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-4420",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-1501",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-1502",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-2500",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-4502",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP1501",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP1502",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP2500",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP4502",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "EP4502",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs"
}
],
"datePublic": "2022-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker can send a specially crafted packets to update the \u201cnotes\u201d section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425 Direct Request (Forced Browsing)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T16:41:09",
"orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"shortName": "Carrier"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to the latest version of firmware"
}
],
"source": {
"advisory": "CARR-PSA-006-0522",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated homepage note modification",
"workarounds": [
{
"lang": "en",
"value": "Disable the controller\u0027s Web Server. \nWhen the controller is configured to disable web access, you cannot remotely login into the controller\u2019s web page.\n1. Login to controller web pages\n2. Go to \u201cUsers\u201d Tab\n3. Near bottom of the Users page, check option to \u201cDisable Web Server\u201d\n4. Then select \u201cSubmit\u201d at the bottom of the page\n5. Then select \u201cApply Settings\u201d tab\n6. And on that page, select button \u201cApply Settings, Reboot\u201d\nThe Controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON, on the controller."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productsecurity@carrier.com",
"DATE_PUBLIC": "2022-06-02T22:00:00.000Z",
"ID": "CVE-2022-31485",
"STATE": "PUBLIC",
"TITLE": "Unauthenticated homepage note modification"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LNL-X2210",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "LNL-X2220",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "LNL-X3300",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "LNL-X4420",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "LNL-4420",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "S2-LP-1501",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "S2-LP-1502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "S2-LP-2500",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "S2-LP-4502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
}
]
},
"vendor_name": "LenelS2"
},
{
"product": {
"product_data": [
{
"product_name": "LP1501",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "LP1502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "LP2500",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "LP4502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "EP4502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
}
]
},
"vendor_name": "HID Mercury"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated attacker can send a specially crafted packets to update the \u201cnotes\u201d section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-425 Direct Request (Forced Browsing)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.corporate.carrier.com/product-security/advisories-resources/",
"refsource": "MISC",
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to the latest version of firmware"
}
],
"source": {
"advisory": "CARR-PSA-006-0522",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable the controller\u0027s Web Server. \nWhen the controller is configured to disable web access, you cannot remotely login into the controller\u2019s web page.\n1. Login to controller web pages\n2. Go to \u201cUsers\u201d Tab\n3. Near bottom of the Users page, check option to \u201cDisable Web Server\u201d\n4. Then select \u201cSubmit\u201d at the bottom of the page\n5. Then select \u201cApply Settings\u201d tab\n6. And on that page, select button \u201cApply Settings, Reboot\u201d\nThe Controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON, on the controller."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"assignerShortName": "Carrier",
"cveId": "CVE-2022-31485",
"datePublished": "2022-06-06T16:41:09.100189Z",
"dateReserved": "2022-05-23T00:00:00",
"dateUpdated": "2024-09-17T00:26:24.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31479 (GCVE-0-2022-31479)
Vulnerability from cvelistv5 – Published: 2022-06-06 16:36 – Updated: 2024-09-16 22:30
VLAI?
EPSS
Summary
An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. The injected commands only get executed during start up or when unsafe calls regarding the hostname are used. This allows the attacker to gain remote access to the device and can make their persistence permanent by modifying the filesystem.
Severity ?
9.6 (Critical)
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| LenelS2 | LNL-X2210 |
Affected:
ALL , < 1.302
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:05.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LNL-X2210",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-X2220",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-X3300",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-X4420",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-4420",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.296",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-1501",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-1502",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-2500",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-4502",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP1501",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP1502",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP2500",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP4502",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "EP4502",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.296",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs"
}
],
"datePublic": "2022-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. The injected commands only get executed during start up or when unsafe calls regarding the hostname are used. This allows the attacker to gain remote access to the device and can make their persistence permanent by modifying the filesystem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T16:36:46",
"orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"shortName": "Carrier"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to the latest version of firmware"
}
],
"source": {
"advisory": "CARR-PSA-006-0522",
"discovery": "EXTERNAL"
},
"title": "Remote Code Execution via command injection of the hostname",
"workarounds": [
{
"lang": "en",
"value": "Disable the controller\u0027s Web Server. \nWhen the controller is configured to disable web access, you cannot remotely login into the controller\u2019s web page.\n1. Login to controller web pages\n2. Go to \u201cUsers\u201d Tab\n3. Near bottom of the Users page, check option to \u201cDisable Web Server\u201d\n4. Then select \u201cSubmit\u201d at the bottom of the page\n5. Then select \u201cApply Settings\u201d tab\n6. And on that page, select button \u201cApply Settings, Reboot\u201d\nThe Controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON, on the controller."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productsecurity@carrier.com",
"DATE_PUBLIC": "2022-06-02T22:00:00.000Z",
"ID": "CVE-2022-31479",
"STATE": "PUBLIC",
"TITLE": "Remote Code Execution via command injection of the hostname"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LNL-X2210",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "LNL-X2220",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "LNL-X3300",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "LNL-X4420",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "LNL-4420",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.296"
}
]
}
},
{
"product_name": "S2-LP-1501",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "S2-LP-1502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "S2-LP-2500",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "S2-LP-4502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
}
]
},
"vendor_name": "LenelS2"
},
{
"product": {
"product_data": [
{
"product_name": "LP1501",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "LP1502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "LP2500",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "LP4502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "EP4502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.296"
}
]
}
}
]
},
"vendor_name": "HID Mercury"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. The injected commands only get executed during start up or when unsafe calls regarding the hostname are used. This allows the attacker to gain remote access to the device and can make their persistence permanent by modifying the filesystem."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693 Protection Mechanism Failure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.corporate.carrier.com/product-security/advisories-resources/",
"refsource": "MISC",
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to the latest version of firmware"
}
],
"source": {
"advisory": "CARR-PSA-006-0522",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable the controller\u0027s Web Server. \nWhen the controller is configured to disable web access, you cannot remotely login into the controller\u2019s web page.\n1. Login to controller web pages\n2. Go to \u201cUsers\u201d Tab\n3. Near bottom of the Users page, check option to \u201cDisable Web Server\u201d\n4. Then select \u201cSubmit\u201d at the bottom of the page\n5. Then select \u201cApply Settings\u201d tab\n6. And on that page, select button \u201cApply Settings, Reboot\u201d\nThe Controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON, on the controller."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"assignerShortName": "Carrier",
"cveId": "CVE-2022-31479",
"datePublished": "2022-06-06T16:36:46.116844Z",
"dateReserved": "2022-05-23T00:00:00",
"dateUpdated": "2024-09-16T22:30:23.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31480 (GCVE-0-2022-31480)
Vulnerability from cvelistv5 – Published: 2022-06-06 16:37 – Updated: 2024-09-17 01:55
VLAI?
EPSS
Summary
An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The attacker needs to have a properly signed and encrypted binary, loading the firmware to the device ultimately triggers a reboot.
Severity ?
7.5 (High)
CWE
- CWE-425 - Direct Request (Forced Browsing)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| LenelS2 | LNL-X2210 |
Affected:
ALL , < 1.302
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LNL-X2210",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-X2220",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-X3300",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-X4420",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-4420",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.296",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-1501",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-1502",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-2500",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-4502",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP1501",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP1502",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP2500",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP4502",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.302",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "EP4502",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.296",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs"
}
],
"datePublic": "2022-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The attacker needs to have a properly signed and encrypted binary, loading the firmware to the device ultimately triggers a reboot."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425 Direct Request (Forced Browsing)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T16:37:36",
"orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"shortName": "Carrier"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to the latest version of firmware"
}
],
"source": {
"advisory": "CARR-PSA-006-0522",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Firmware Upload and Arbitrary Reboot",
"workarounds": [
{
"lang": "en",
"value": "Disable the controller\u0027s Web Server. \nWhen the controller is configured to disable web access, you cannot remotely login into the controller\u2019s web page.\n1. Login to controller web pages\n2. Go to \u201cUsers\u201d Tab\n3. Near bottom of the Users page, check option to \u201cDisable Web Server\u201d\n4. Then select \u201cSubmit\u201d at the bottom of the page\n5. Then select \u201cApply Settings\u201d tab\n6. And on that page, select button \u201cApply Settings, Reboot\u201d\nThe Controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON, on the controller."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productsecurity@carrier.com",
"DATE_PUBLIC": "2022-06-02T22:00:00.000Z",
"ID": "CVE-2022-31480",
"STATE": "PUBLIC",
"TITLE": "Unauthenticated Firmware Upload and Arbitrary Reboot"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LNL-X2210",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "LNL-X2220",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "LNL-X3300",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "LNL-X4420",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "LNL-4420",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.296"
}
]
}
},
{
"product_name": "S2-LP-1501",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "S2-LP-1502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "S2-LP-2500",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "S2-LP-4502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
}
]
},
"vendor_name": "LenelS2"
},
{
"product": {
"product_data": [
{
"product_name": "LP1501",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "LP1502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "LP2500",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "LP4502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.302"
}
]
}
},
{
"product_name": "EP4502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.296"
}
]
}
}
]
},
"vendor_name": "HID Mercury"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The attacker needs to have a properly signed and encrypted binary, loading the firmware to the device ultimately triggers a reboot."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-425 Direct Request (Forced Browsing)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.corporate.carrier.com/product-security/advisories-resources/",
"refsource": "MISC",
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to the latest version of firmware"
}
],
"source": {
"advisory": "CARR-PSA-006-0522",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable the controller\u0027s Web Server. \nWhen the controller is configured to disable web access, you cannot remotely login into the controller\u2019s web page.\n1. Login to controller web pages\n2. Go to \u201cUsers\u201d Tab\n3. Near bottom of the Users page, check option to \u201cDisable Web Server\u201d\n4. Then select \u201cSubmit\u201d at the bottom of the page\n5. Then select \u201cApply Settings\u201d tab\n6. And on that page, select button \u201cApply Settings, Reboot\u201d\nThe Controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON, on the controller."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"assignerShortName": "Carrier",
"cveId": "CVE-2022-31480",
"datePublished": "2022-06-06T16:37:36.175759Z",
"dateReserved": "2022-05-23T00:00:00",
"dateUpdated": "2024-09-17T01:55:48.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31482 (GCVE-0-2022-31482)
Vulnerability from cvelistv5 – Published: 2022-06-06 16:39 – Updated: 2024-09-17 01:00
VLAI?
EPSS
Summary
An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless.
Severity ?
7.5 (High)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| LenelS2 | LNL-X2210 |
Affected:
ALL , < 1.29
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:05.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LNL-X2210",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-X2220",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-X3300",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-X4420",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-4420",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-1501",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-1502",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-2500",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-4502",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP1501",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP1502",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP2500",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP4502",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "EP4502",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs"
}
],
"datePublic": "2022-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T16:39:22",
"orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"shortName": "Carrier"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to the latest version of firmware"
}
],
"source": {
"advisory": "CARR-PSA-006-0522",
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service via internal structure overflow",
"workarounds": [
{
"lang": "en",
"value": "Disable the controller\u0027s Web Server. \nWhen the controller is configured to disable web access, you cannot remotely login into the controller\u2019s web page.\n1. Login to controller web pages\n2. Go to \u201cUsers\u201d Tab\n3. Near bottom of the Users page, check option to \u201cDisable Web Server\u201d\n4. Then select \u201cSubmit\u201d at the bottom of the page\n5. Then select \u201cApply Settings\u201d tab\n6. And on that page, select button \u201cApply Settings, Reboot\u201d\nThe Controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON, on the controller."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productsecurity@carrier.com",
"DATE_PUBLIC": "2022-06-02T22:00:00.000Z",
"ID": "CVE-2022-31482",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service via internal structure overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LNL-X2210",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "LNL-X2220",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "LNL-X3300",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "LNL-X4420",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "LNL-4420",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "S2-LP-1501",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "S2-LP-1502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "S2-LP-2500",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "S2-LP-4502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
}
]
},
"vendor_name": "LenelS2"
},
{
"product": {
"product_data": [
{
"product_name": "LP1501",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "LP1502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "LP2500",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "LP4502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "EP4502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
}
]
},
"vendor_name": "HID Mercury"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.corporate.carrier.com/product-security/advisories-resources/",
"refsource": "MISC",
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to the latest version of firmware"
}
],
"source": {
"advisory": "CARR-PSA-006-0522",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable the controller\u0027s Web Server. \nWhen the controller is configured to disable web access, you cannot remotely login into the controller\u2019s web page.\n1. Login to controller web pages\n2. Go to \u201cUsers\u201d Tab\n3. Near bottom of the Users page, check option to \u201cDisable Web Server\u201d\n4. Then select \u201cSubmit\u201d at the bottom of the page\n5. Then select \u201cApply Settings\u201d tab\n6. And on that page, select button \u201cApply Settings, Reboot\u201d\nThe Controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON, on the controller."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"assignerShortName": "Carrier",
"cveId": "CVE-2022-31482",
"datePublished": "2022-06-06T16:39:22.500510Z",
"dateReserved": "2022-05-23T00:00:00",
"dateUpdated": "2024-09-17T01:00:48.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31484 (GCVE-0-2022-31484)
Vulnerability from cvelistv5 – Published: 2022-06-06 16:40 – Updated: 2024-09-17 01:37
VLAI?
EPSS
Summary
An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of this vulnerability is that an unauthenticated attacker could restrict access to the web interface to legitimate users and potentially requiring them to use the default user dip switch procedure to gain access back.
Severity ?
7.5 (High)
CWE
- CWE-425 - Direct Request (Forced Browsing)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| LenelS2 | LNL-X2210 |
Affected:
ALL , < 1.29
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LNL-X2210",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-X2220",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-X3300",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-X4420",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LNL-4420",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-1501",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-1502",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-2500",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "S2-LP-4502",
"vendor": "LenelS2",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP1501",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP1502",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP2500",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "LP4502",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
},
{
"product": "EP4502",
"vendor": "HID Mercury",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "ALL",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs"
}
],
"datePublic": "2022-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of this vulnerability is that an unauthenticated attacker could restrict access to the web interface to legitimate users and potentially requiring them to use the default user dip switch procedure to gain access back."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425 Direct Request (Forced Browsing)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T16:40:33",
"orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"shortName": "Carrier"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to the latest version of firmware"
}
],
"source": {
"advisory": "CARR-PSA-006-0522",
"discovery": "EXTERNAL"
},
"title": "User Account Deletion Unauthenticated",
"workarounds": [
{
"lang": "en",
"value": "Disable the controller\u0027s Web Server. \nWhen the controller is configured to disable web access, you cannot remotely login into the controller\u2019s web page.\n1. Login to controller web pages\n2. Go to \u201cUsers\u201d Tab\n3. Near bottom of the Users page, check option to \u201cDisable Web Server\u201d\n4. Then select \u201cSubmit\u201d at the bottom of the page\n5. Then select \u201cApply Settings\u201d tab\n6. And on that page, select button \u201cApply Settings, Reboot\u201d\nThe Controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON, on the controller."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productsecurity@carrier.com",
"DATE_PUBLIC": "2022-06-02T22:00:00.000Z",
"ID": "CVE-2022-31484",
"STATE": "PUBLIC",
"TITLE": "User Account Deletion Unauthenticated"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LNL-X2210",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "LNL-X2220",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "LNL-X3300",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "LNL-X4420",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "LNL-4420",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "S2-LP-1501",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "S2-LP-1502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "S2-LP-2500",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "S2-LP-4502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
}
]
},
"vendor_name": "LenelS2"
},
{
"product": {
"product_data": [
{
"product_name": "LP1501",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "LP1502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "LP2500",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "LP4502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
},
{
"product_name": "EP4502",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "ALL",
"version_value": "1.29"
}
]
}
}
]
},
"vendor_name": "HID Mercury"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of this vulnerability is that an unauthenticated attacker could restrict access to the web interface to legitimate users and potentially requiring them to use the default user dip switch procedure to gain access back."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-425 Direct Request (Forced Browsing)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.corporate.carrier.com/product-security/advisories-resources/",
"refsource": "MISC",
"url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to the latest version of firmware"
}
],
"source": {
"advisory": "CARR-PSA-006-0522",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable the controller\u0027s Web Server. \nWhen the controller is configured to disable web access, you cannot remotely login into the controller\u2019s web page.\n1. Login to controller web pages\n2. Go to \u201cUsers\u201d Tab\n3. Near bottom of the Users page, check option to \u201cDisable Web Server\u201d\n4. Then select \u201cSubmit\u201d at the bottom of the page\n5. Then select \u201cApply Settings\u201d tab\n6. And on that page, select button \u201cApply Settings, Reboot\u201d\nThe Controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON, on the controller."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
"assignerShortName": "Carrier",
"cveId": "CVE-2022-31484",
"datePublished": "2022-06-06T16:40:33.983938Z",
"dateReserved": "2022-05-23T00:00:00",
"dateUpdated": "2024-09-17T01:37:06.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…