CVE-2023-42134 - Vulnerability Details - OpenCVE

Description

PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45_20230314 or earlier can allow the signed partition overwrite and subsequently local code execution via hidden command.

The attacker must have physical USB access to the device in order to exploit this vulnerability.

Published: 2024-01-15

Score: 6.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

PAX Technology

POS terminals

unaffected

Version	Status	Constraints
`0`	affected	≤ 11.1.45_20230314

Configuration 1 [-]

AND

cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*

cpe:2.3:h:paxtechnology:a920_pro:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*

cpe:2.3:h:paxtechnology:a50:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-46593	PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45_20230314 or earlier can allow the signed partition overwrite and subsequently local code execution via hidden command. The attacker must have physical USB access to the device in order to exploit this vulnerability.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00231.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://blog.stmcyber.com/pax-pos-cves-2023/
https://cert.pl/en/posts/2024/01/CVE-2023-4818/
https://cert.pl/posts/2024/01/CVE-2023-4818/
https://ppn.paxengine.com/release/development

History

No history.

Subscriptions

Paxtechnology A50 A920 Pro Paydroid

MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published: 2024-01-15T13:28:53.397Z

Updated: 2025-06-17T21:09:22.365Z

Reserved: 2023-09-07T13:17:57.372Z

Link: CVE-2023-42134

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-15T14:15:24.190

Modified: 2024-11-21T08:22:20.593

Link: CVE-2023-42134

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-42134", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2023-09-07T13:17:57.372Z", "datePublished": "2024-01-15T13:28:53.397Z", "dateUpdated": "2025-06-17T21:09:22.365Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Android"], "product": "POS terminals", "vendor": "PAX Technology", "versions": [{"lessThanOrEqual": "11.1.45_20230314", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Hubert Jasudowicz, Adam Kli\u015b and other members of STM Cyber R&D team"}], "datePublic": "2024-01-15T11:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45_20230314 or earlier can allow the signed partition overwrite and subsequently local code execution via hidden command.<div><br></div><div><br></div>The attacker must have physical USB access to the device in order to exploit this vulnerability.<br>"}], "value": "PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45_20230314 or earlier can allow the signed partition overwrite and subsequently local code execution via hidden command.\n\n\n\n\n\nThe attacker must have physical USB access to the device in order to exploit this vulnerability.\n"}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-912", "description": "CWE-912: Hidden Functionality", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2024-01-15T13:28:53.397Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://ppn.paxengine.com/release/development"}, {"tags": ["technical-description"], "url": "https://blog.stmcyber.com/pax-pos-cves-2023/"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/posts/2024/01/CVE-2023-4818/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:16:50.567Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://ppn.paxengine.com/release/development"}, {"tags": ["technical-description", "x_transferred"], "url": "https://blog.stmcyber.com/pax-pos-cves-2023/"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://cert.pl/posts/2024/01/CVE-2023-4818/"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-42134", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-01-16T15:46:58.995811Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T21:09:22.365Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEE64397-E23F-4601-A869-7CF855EFB5C2", "versionEndIncluding": "8.1.0_sagittarius_v11.1.45_20230314", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:paxtechnology:a920_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF80918D-3453-4F42-A8A0-DA993C398394", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEE64397-E23F-4601-A869-7CF855EFB5C2", "versionEndIncluding": "8.1.0_sagittarius_v11.1.45_20230314", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:paxtechnology:a50:-:*:*:*:*:*:*:*", "matchCriteriaId": "DFCCCD93-0374-4AE1-8986-E0997B53A51C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45_20230314 or earlier can allow the signed partition overwrite and subsequently local code execution via hidden command.\n\n\n\n\n\nThe attacker must have physical USB access to the device in order to exploit this vulnerability.\n"}, {"lang": "es", "value": "Los dispositivos POS PAX basados en Android con PayDroid_8.1.0_Sagittarius_V11.1.45_20230314 o anterior pueden permitir la sobrescritura de la partici\u00f3n firmada y, posteriormente, la ejecuci\u00f3n del c\u00f3digo local mediante un comando oculto. El atacante debe tener acceso USB f\u00edsico al dispositivo para poder aprovechar esta vulnerabilidad."}], "id": "CVE-2023-42134", "lastModified": "2024-11-21T08:22:20.593", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "cvd@cert.pl", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-15T14:15:24.190", "references": [{"source": "cvd@cert.pl", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.stmcyber.com/pax-pos-cves-2023/"}, {"source": "cvd@cert.pl", "tags": ["Third Party Advisory"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/"}, {"source": "cvd@cert.pl", "tags": ["Third Party Advisory"], "url": "https://cert.pl/posts/2024/01/CVE-2023-4818/"}, {"source": "cvd@cert.pl", "tags": ["Permissions Required"], "url": "https://ppn.paxengine.com/release/development"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.stmcyber.com/pax-pos-cves-2023/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert.pl/posts/2024/01/CVE-2023-4818/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://ppn.paxengine.com/release/development"}], "sourceIdentifier": "cvd@cert.pl", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-912"}], "source": "cvd@cert.pl", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}