CVE-2024-22388

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-22388
Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://support.hidglobal.com/ Product
https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-01 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:h:hidglobal:iclass_se_cp1000_encoder:-:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:iclass_se_cp1000_encoder_firmware:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:h:hidglobal:iclass_se_readers:-:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:iclass_se_readers_firmware:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:h:hidglobal:iclass_se_reader_modules:-:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:iclass_se_reader_modules_firmware:*:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:h:hidglobal:iclass_se_processors:-:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:iclass_se_processors_firmware:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:h:hidglobal:omnikey_5427ck:-:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:omnikey_5427ck_firmware:*:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:h:hidglobal:omnikey_5127ck:-:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:omnikey_5127ck_firmware:*:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:h:hidglobal:omnikey_5023:-:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:omnikey_5023_firmware:*:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:h:hidglobal:omnikey_5027:-:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:omnikey_5027_firmware:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2024-02-06 23:15

Updated : 2024-02-14 20:59

NVD link : CVE-2024-22388

Mitre link : CVE-2024-22388

CVE.ORG link : CVE-2024-22388

JSON object : View

Products Affected

hidglobal

  • iclass_se_cp1000_encoder_firmware
  • omnikey_5027_firmware
  • iclass_se_reader_modules
  • omnikey_5023_firmware
  • iclass_se_cp1000_encoder
  • omnikey_5023
  • iclass_se_readers_firmware
  • iclass_se_processors_firmware
  • iclass_se_reader_modules_firmware
  • iclass_se_processors
  • omnikey_5027
  • iclass_se_readers
  • omnikey_5427ck
  • omnikey_5127ck_firmware
  • omnikey_5427ck_firmware
  • omnikey_5127ck
CWE
NVD-CWE-Other CWE-285

Improper Authorization