CVE-2023-0248

An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02	Third Party Advisory US Government Resource
https://www.johnsoncontrols.com/cyber-solutions/security-advisories	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:johnsoncontrols:iosmart_gen_1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:johnsoncontrols:iosmart_gen_1:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-12-14 21:15

Updated : 2023-12-21 15:12

NVD link : CVE-2023-0248

Mitre link : CVE-2023-0248

CVE.ORG link : CVE-2023-0248

JSON object : View

Products Affected

johnsoncontrols

iosmart_gen_1
iosmart_gen_1_firmware

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2023-0248", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.6}, {"type": "Secondary", "source": "productsecurity@jci.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 5.3, "exploitabilityScore": 1.6}]}, "published": "2023-12-14T21:15:07.553", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "productsecurity@jci.com"}, {"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories", "tags": ["Vendor Advisory"], "source": "productsecurity@jci.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-401"}]}, {"type": "Secondary", "source": "productsecurity@jci.com", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader.\n\n"}, {"lang": "es", "value": "Un atacante con acceso f\u00edsico al lector de tarjetas Kantech Gen1 ioSmart con versi\u00f3n de firmware anterior a 1.7.2 en determinadas circunstancias puede recuperar la memoria de comunicaci\u00f3n del lector entre la tarjeta y el lector."}], "lastModified": "2023-12-21T15:12:05.170", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:johnsoncontrols:iosmart_gen_1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EAD2797-79E8-4ED4-87EC-914F08698414", "versionEndExcluding": "1.07.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:johnsoncontrols:iosmart_gen_1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1FC9CD38-BBD7-4AB8-A7E1-87246BCD7812"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "productsecurity@jci.com"}