CVE-2024-22388 - OpenCVE

Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hidglobal	Iclass Se Cp1000 Encoder Iclass Se Cp1000 Encoder Firmware Iclass Se Processors Iclass Se Processors Firmware Iclass Se Reader Modules Iclass Se Reader Modules Firmware Iclass Se Readers Iclass Se Readers Firmware Omnikey 5023 Omnikey 5023 Firmware Omnikey 5027 Omnikey 5027 Firmware Omnikey 5127ck Omnikey 5127ck Firmware Omnikey 5427ck Omnikey 5427ck Firmware

Configuration 1 [-]

AND

cpe:2.3:h:hidglobal:iclass_se_cp1000_encoder:-:*:*:*:*:*:*:*

cpe:2.3:o:hidglobal:iclass_se_cp1000_encoder_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:hidglobal:iclass_se_readers:-:*:*:*:*:*:*:*

cpe:2.3:o:hidglobal:iclass_se_readers_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:hidglobal:iclass_se_reader_modules:-:*:*:*:*:*:*:*

cpe:2.3:o:hidglobal:iclass_se_reader_modules_firmware:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:hidglobal:iclass_se_processors:-:*:*:*:*:*:*:*

cpe:2.3:o:hidglobal:iclass_se_processors_firmware:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:hidglobal:omnikey_5427ck:-:*:*:*:*:*:*:*

cpe:2.3:o:hidglobal:omnikey_5427ck_firmware:*:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:hidglobal:omnikey_5127ck:-:*:*:*:*:*:*:*

cpe:2.3:o:hidglobal:omnikey_5127ck_firmware:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:h:hidglobal:omnikey_5023:-:*:*:*:*:*:*:*

cpe:2.3:o:hidglobal:omnikey_5023_firmware:*:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:h:hidglobal:omnikey_5027:-:*:*:*:*:*:*:*

cpe:2.3:o:hidglobal:omnikey_5027_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.hidglobal.com/
https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2024-02-06T23:06:07.942Z

Updated: 2024-08-22T19:07:40.500Z

Reserved: 2024-01-25T17:05:42.446Z

Link: CVE-2024-22388

Vulnrichment

Updated: 2024-08-01T22:43:34.563Z

NVD

Status : Analyzed

Published: 2024-02-06T23:15:08.707

Modified: 2024-02-14T20:59:09.660

Link: CVE-2024-22388

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object