CVE-2023-0248 - Vulnerability Details - OpenCVE

An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00098.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Johnsoncontrols	Iosmart Gen 1 Iosmart Gen 1 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:johnsoncontrols:iosmart_gen_1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:johnsoncontrols:iosmart_gen_1:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-12329	An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader.

Fixes

Solution

Update ioSmart Gen1 card reader to firmware version 1.07.02 or higher. Download the update here: https://www.kantech.com/Resources/GetDoc.aspx?p=1&id=58679 https://www.kantech.com/Resources/GetDoc.aspx Contact technical support for additional information. ioSmart Gen2 readers are not affected by this behavior. Contact your local sales representative for ordering information.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02
https://www.johnsoncontrols.com/cyber-solutions/security-advisories

History

Tue, 08 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: jci

Published: 2023-12-14T20:57:33.625Z

Updated: 2024-10-08T14:19:18.925Z

Reserved: 2023-01-12T15:26:20.842Z

Link: CVE-2023-0248

Vulnrichment

Updated: 2024-08-02T05:02:44.139Z

NVD

Status : Modified

Published: 2023-12-14T21:15:07.553

Modified: 2024-11-21T07:36:49.787

Link: CVE-2023-0248

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0248", "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01", "state": "PUBLISHED", "assignerShortName": "jci", "dateReserved": "2023-01-12T15:26:20.842Z", "datePublished": "2023-12-14T20:57:33.625Z", "dateUpdated": "2024-10-08T14:19:18.925Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ioSmart Gen1", "vendor": "Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.", "versions": [{"lessThan": "1.07.02", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Colin O\u2019Flynn at NewAE Technology Inc."}], "datePublic": "2023-12-14T20:34:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader.<br><br>"}], "value": "An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader.\n\n"}], "impacts": [{"capecId": "CAPEC-54", "descriptions": [{"lang": "en", "value": "CAPEC-54 Query System for Information"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01", "shortName": "jci", "dateUpdated": "2023-12-15T21:16:03.463Z"}, "references": [{"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update ioSmart Gen1 card reader to firmware version 1.07.02 or higher.<br>Download the update here: <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.kantech.com/Resources/GetDoc.aspx?p=1&id=58679\">https://www.kantech.com/Resources/GetDoc.aspx?p=1&id=58679</a><br>Contact technical support for additional information.<br><br>ioSmart Gen2 readers are not affected by this behavior.<br>Contact your local sales representative for ordering information.<br>"}], "value": "Update ioSmart Gen1 card reader to firmware version 1.07.02 or higher.\nDownload the update here:\u00a0 https://www.kantech.com/Resources/GetDoc.aspx?p=1&id=58679 https://www.kantech.com/Resources/GetDoc.aspx \nContact technical support for additional information.\n\nioSmart Gen2 readers are not affected by this behavior.\nContact your local sales representative for ordering information.\n"}], "source": {"discovery": "EXTERNAL"}, "title": "Kantech Gen1 ioSmart card reader", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:02:44.139Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories", "tags": ["x_transferred"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-02-13T21:03:38.527676Z", "id": "CVE-2023-0248", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T14:19:18.925Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories", "tags": ["x_transferred"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:02:44.139Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-0248", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-13T21:03:38.527676Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T14:19:15.421Z"}}], "cna": {"title": "Kantech Gen1 ioSmart card reader", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Colin O\u2019Flynn at NewAE Technology Inc."}], "impacts": [{"capecId": "CAPEC-54", "descriptions": [{"lang": "en", "value": "CAPEC-54 Query System for Information"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.", "product": "ioSmart Gen1", "versions": [{"status": "affected", "version": "0", "lessThan": "1.07.02", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update ioSmart Gen1 card reader to firmware version 1.07.02 or higher.\nDownload the update here:\u00a0 https://www.kantech.com/Resources/GetDoc.aspx?p=1&id=58679 https://www.kantech.com/Resources/GetDoc.aspx \nContact technical support for additional information.\n\nioSmart Gen2 readers are not affected by this behavior.\nContact your local sales representative for ordering information.\n", "supportingMedia": [{"type": "text/html", "value": "Update ioSmart Gen1 card reader to firmware version 1.07.02 or higher.<br>Download the update here: <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.kantech.com/Resources/GetDoc.aspx?p=1&id=58679\">https://www.kantech.com/Resources/GetDoc.aspx?p=1&id=58679</a><br>Contact technical support for additional information.<br><br>ioSmart Gen2 readers are not affected by this behavior.<br>Contact your local sales representative for ordering information.<br>", "base64": false}]}], "datePublic": "2023-12-14T20:34:00.000Z", "references": [{"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader.\n\n", "supportingMedia": [{"type": "text/html", "value": "An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader.<br><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime"}]}], "providerMetadata": {"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01", "shortName": "jci", "dateUpdated": "2023-12-15T21:16:03.463Z"}}}, "cveMetadata": {"cveId": "CVE-2023-0248", "state": "PUBLISHED", "dateUpdated": "2024-10-08T14:19:18.925Z", "dateReserved": "2023-01-12T15:26:20.842Z", "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01", "datePublished": "2023-12-14T20:57:33.625Z", "assignerShortName": "jci"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:johnsoncontrols:iosmart_gen_1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EAD2797-79E8-4ED4-87EC-914F08698414", "versionEndExcluding": "1.07.02", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:johnsoncontrols:iosmart_gen_1:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FC9CD38-BBD7-4AB8-A7E1-87246BCD7812", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader.\n\n"}, {"lang": "es", "value": "Un atacante con acceso f\u00edsico al lector de tarjetas Kantech Gen1 ioSmart con versi\u00f3n de firmware anterior a 1.7.2 en determinadas circunstancias puede recuperar la memoria de comunicaci\u00f3n del lector entre la tarjeta y el lector."}], "id": "CVE-2023-0248", "lastModified": "2024-11-21T07:36:49.787", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.3, "source": "productsecurity@jci.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-14T21:15:07.553", "references": [{"source": "productsecurity@jci.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02"}, {"source": "productsecurity@jci.com", "tags": ["Vendor Advisory"], "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"}], "sourceIdentifier": "productsecurity@jci.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-401"}], "source": "productsecurity@jci.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}