CVE-2024-22388

Published Feb 6, 2024

Last updated 3 months ago

CVSS medium 5.9

Overview

Description: Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys.
Source: ics-cert@hq.dhs.gov
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

ics-cert@hq.dhs.gov: CWE-1188
nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hidglobal:iclass_se_cp1000_encoder_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA7199D9-8A09-4ABF-926C-BF4739222282"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:hidglobal:iclass_se_cp1000_encoder:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2BB854B8-F5E0-4A00-922C-5B62564DB158"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hidglobal:iclass_se_readers_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F84C363-45B4-40F9-8C8F-93394F2AF318"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:hidglobal:iclass_se_readers:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "08AA1F70-0EDD-498D-A60A-D7E769765A1B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hidglobal:iclass_se_reader_modules_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B5F3AFC-7213-41E7-800A-78BE8CA53515"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:hidglobal:iclass_se_reader_modules:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "70B620F5-3B4E-4728-9066-506105282B91"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hidglobal:iclass_se_processors_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95FA7393-0EF9-43A4-9F26-DB48FDC3DAE7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:hidglobal:iclass_se_processors:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "029F78BB-6EFE-4CD1-80F3-2B5D476D049C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hidglobal:omnikey_5427ck_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70382765-8BA5-4114-9681-BC4118FD6E24"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:hidglobal:omnikey_5427ck:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "095B970F-BDB3-449D-8859-ED942B68EC99"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hidglobal:omnikey_5127ck_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3AD6E73F-E3CA-412B-986F-8582269C2FC1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:hidglobal:omnikey_5127ck:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FDB1E42B-DDCE-4333-B9A3-56E046988E40"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hidglobal:omnikey_5023_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE9661B3-E09D-4A88-AB61-C68E3EC7024C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:hidglobal:omnikey_5023:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BA7B4826-9C1C-4685-AD9A-B2A89069A03F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hidglobal:omnikey_5027_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1833B4BD-0205-412A-BDEE-FE993620C941"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:hidglobal:omnikey_5027:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "71567BE0-8B74-4AF2-840C-E52A31A95BC2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References