CVE-2023-37220 - Vulnerability Details

Synel Terminals - CWE-494: Download of Code Without Integrity Check

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00048.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Synel

Terminals

unaffected

Version	Status	Constraints
`All versions`	affected	< Upgrade to version 3015.1

Configuration 1 [-]

AND

cpe:2.3:o:synel:synergy\/a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:synergy\/a:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:synel:synergy_touch_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:synergy_touch:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:synel:synergy_10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:synergy_10:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:synel:synergy_5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:synergy_5:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:synel:sy-910_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:sy-910:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:synel:synergy\/x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:synergy\/x:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:synel:sy110_face_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:sy110_face:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:synel:bioentry-w2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:bioentry-w2:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:synel:biolite-n2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:biolite-n2:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:synel:bioentry_p2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:bioentry_p2:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:synel:sy-711_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:sy-711:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:synel:sy-715_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:sy-715:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:synel:sy-751_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:sy-751:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:synel:sy-755_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:sy-755:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:synel:sy-777_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:sy-777:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:synel:sy-785_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:sy-785:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:synel:sy-765_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:sy-765:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:synel:sy-7500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:sy-7500:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:synel:sy-745_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:sy-745:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:synel:sy-780_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:sy-780:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:synel:synergy_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:synergy:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Synel Subscribe	Bioentry-w2 Subscribe Bioentry-w2 Firmware Subscribe Bioentry P2 Subscribe Bioentry P2 Firmware Subscribe Biolite-n2 Subscribe Biolite-n2 Firmware Subscribe Sy-711 Subscribe Sy-711 Firmware Subscribe Sy-715 Subscribe Sy-715 Firmware Subscribe Sy-745 Subscribe Sy-745 Firmware Subscribe Sy-7500 Subscribe Sy-7500 Firmware Subscribe Sy-751 Subscribe Sy-751 Firmware Subscribe Sy-755 Subscribe Sy-755 Firmware Subscribe Sy-765 Subscribe Sy-765 Firmware Subscribe Sy-777 Subscribe Sy-777 Firmware Subscribe Sy-780 Subscribe Sy-780 Firmware Subscribe Sy-785 Subscribe Sy-785 Firmware Subscribe Sy-910 Subscribe Sy-910 Firmware Subscribe Sy110 Face Subscribe Sy110 Face Firmware Subscribe Synergy Subscribe Synergy\/a Subscribe Synergy\/a Firmware Subscribe Synergy\/x Subscribe Synergy\/x Firmware Subscribe Synergy 10 Subscribe Synergy 10 Firmware Subscribe Synergy 5 Subscribe Synergy 5 Firmware Subscribe Synergy Firmware Subscribe Synergy Touch Subscribe Synergy Touch Firmware Subscribe Terminals Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2023-41140	Synel Terminals - CWE-494: Download of Code Without Integrity Check

Fixes

Solution

Upgrade to version 3015.1

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.gov.il/en/Departments/faq/cve_advisories

History

Tue, 01 Oct 2024 13:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Synel terminals
CPEs		cpe:2.3:a:synel:terminals::::::::
Vendors & Products		Synel terminals
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: INCD

Published: 2023-09-03T13:47:05.388Z

Updated: 2024-10-01T13:07:25.275Z

Reserved: 2023-06-28T20:35:37.792Z

Link: CVE-2023-37220

Vulnrichment

Updated: 2024-08-02T17:09:34.169Z

NVD

Status : Modified

Published: 2023-09-03T14:15:41.587

Modified: 2024-11-21T08:11:13.943

Link: CVE-2023-37220

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-494

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object