CVE-2022-31480

Published Jun 6, 2022

Last updated 2 years ago

CVSS high 7.5

Overview

Description: An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The attacker needs to have a properly signed and encrypted binary, loading the firmware to the device ultimately triggers a reboot.
Source: productsecurity@carrier.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-425
productsecurity@carrier.com: CWE-425

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hidglobal:lp1501_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2531827-8A5A-43E9-9676-673E4E3A57E8",
            "versionEndExcluding": "1.302"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:hidglobal:lp1501:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B9DC3EC5-C67D-4FE5-8B53-04AB785588FE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hidglobal:lp1502_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27E8E33B-63CA-4661-9B45-1D2A4A4A7417",
            "versionEndExcluding": "1.302"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:hidglobal:lp1502:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "902FDABA-C5D0-4CAE-BBDF-E4338D3A4DAF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hidglobal:lp2500_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97CACF87-1D8F-43AE-8BA2-9BA48EABDE97",
            "versionEndExcluding": "1.302"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:hidglobal:lp2500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AAC2A69E-BF7D-448B-8347-19CFFABED15A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hidglobal:lp4502_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E33A1872-FA6E-4063-BAE1-1437F0780107",
            "versionEndExcluding": "1.302"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:hidglobal:lp4502:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "22147A65-6ADE-46F3-AFF8-E46CE81D6E8B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hidglobal:ep4502_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C85E5702-D143-4EFB-BCFB-E4AE18C87882",
            "versionEndExcluding": "1.296"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:hidglobal:ep4502:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F9A28A38-C57D-4FC6-8CAA-0011AF06D290"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:carrier:lenels2_lnl-4420_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "332F1FB3-FBB7-42F1-A6A8-AAFD5D67ACA7",
            "versionEndExcluding": "1.296"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:carrier:lenels2_lnl-4420:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "36855319-E36B-47C3-B27E-E1509D1C9D4D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:carrier:lenels2_lnl-x2210_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B1CBAA6-DAF5-413D-B361-890DAAC626EC",
            "versionEndExcluding": "1.302"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:carrier:lenels2_lnl-x2210:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3B091C8F-2C3A-47C9-92AC-550D977F781A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:carrier:lenels2_lnl-x2220_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E0F6C5B-E4F4-444D-A6D4-B8F58A92B7BC",
            "versionEndExcluding": "1.302"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:carrier:lenels2_lnl-x2220:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "15FD8460-39D0-46C4-9F04-EB3B6C72767A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:carrier:lenels2_lnl-x3300_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DF532E2-3AC9-4850-A716-343795C55019",
            "versionEndExcluding": "1.302"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:carrier:lenels2_lnl-x3300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "389BE7A1-1B57-4097-9AAF-A6931C06BA15"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:carrier:lenels2_lnl-x4420_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4415D959-7321-41D7-A193-B4B01E4DC6DD",
            "versionEndExcluding": "1.302"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:carrier:lenels2_lnl-x4420:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2BC2BAEA-E139-47C2-9A8F-857AB1C7D54B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:carrier:lenels2_s2-lp-1501_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7752CDEC-BC7A-406E-9AFB-30C22190570D",
            "versionEndExcluding": "1.302"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:carrier:lenels2_s2-lp-1501:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3183C665-CD31-446D-8D95-908148675D25"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:carrier:lenels2_s2-lp-1502_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B057323E-A352-4E32-845F-51DEA38722BD",
            "versionEndExcluding": "1.302"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:carrier:lenels2_s2-lp-1502:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "93B38941-79D8-41E7-9763-989C0C3B6139"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:carrier:lenels2_s2-lp-2500_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5BF0DDA-C6DC-4728-9902-BA0324A13A7C",
            "versionEndExcluding": "1.302"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:carrier:lenels2_s2-lp-2500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1724D78F-EE79-4E48-BDB2-D399C573F42D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:carrier:lenels2_s2-lp-4502_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2F9B937-9326-47A5-AE7F-9218B1F0B7B3",
            "versionEndExcluding": "1.302"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:carrier:lenels2_s2-lp-4502:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "115129D2-5134-4BCD-B5D0-263F4687B59D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References