CVE-2023-0248
HIGH
7,5
Source: [email protected]
Attack Vector: adjacent_network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: changed
Confidentiality: low
Integrity: high
Availability: low
Description
AI Translation Available
An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0010
Percentile
0,3th
Updated
EPSS Score Trend (Last 90 Days)
200
Exposure of Sensitive Information to an Unauthorized Actor
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
Technologies:
Mobile, Not Technology-Specific, Web Based
401
Missing Release of Memory after Effective Lifetime
DraftCommon Consequences
Security Scopes Affected:
Availability
Other
Potential Impacts:
Dos: Crash, Exit, Or Restart
Dos: Instability
Dos: Resource Consumption (Cpu)
Dos: Resource Consumption (Memory)
Reduce Performance
Applicable Platforms
Languages:
C, C++, Not Language-Specific
Operating System
Iosmart Gen 1 Firmware by Johnsoncontrols
Version Range Affected
To
1.07.02
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:johnsoncontrols:iosmart_gen_1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02
https://www.johnsoncontrols.com/cyber-solutions/security-advisories