1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable from adjacent network
- Vendor: Sensormatic Electronics, LLC, an affiliate of Johnson Controls Inc.
- Equipment: Kantech Gen1 ioSmart card reader
- Vulnerability: Missing Release of Memory after Effective Lifetime
2. RISK EVALUATION
An attacker with physical access to the Kantech Gen1 ioSmart card reader in certain circumstances can recover the reader’s communication memory between the card and reader.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Kantech Gen1 ioSmart card reader are affected:
- Kantech Gen1 ioSmart card reader: firmware versions prior to 1.7.2
3.2 Vulnerability Overview
3.2.1 MISSING RELEASE OF MEMORY AFTER EFFECTIVE LIFETIME CWE-401
Kantech Gen1 ioSmart card readers with firmware versions prior to 1.7.2 do not properly release memory after its effective lifetime. An attacker with physical access to the Kantech Gen1 ioSmart card reader in certain circumstances can recover the reader’s communication memory between the card and reader. CWE-200: Exposure of Sensitive Information to an Unauthorized Actor also applies to this vulnerability.
CVE-2023-0248 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: Ireland
3.4 RESEARCHER
Colin O’Flynn at NewAE Technology Inc. reported this vulnerability to Johnson Controls. Johnson Controls report
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: