CVE-2024-22388

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-22388
Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys.

5.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.4 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://support.hidglobal.com/ Product
https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-01 Third Party Advisory US Government Resource
https://support.hidglobal.com/ Product
https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-01 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:hidglobal:iclass_se_cp1000_encoder_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:iclass_se_cp1000_encoder:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:hidglobal:iclass_se_readers_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:iclass_se_readers:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:hidglobal:iclass_se_reader_modules_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:iclass_se_reader_modules:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:hidglobal:iclass_se_processors_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:iclass_se_processors:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:hidglobal:omnikey_5427ck_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:omnikey_5427ck:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:hidglobal:omnikey_5127ck_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:omnikey_5127ck:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:hidglobal:omnikey_5023_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:omnikey_5023:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:hidglobal:omnikey_5027_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:omnikey_5027:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2024-02-06 23:15

Updated : 2024-11-21 08:56

NVD link : CVE-2024-22388

Mitre link : CVE-2024-22388

CVE.ORG link : CVE-2024-22388

JSON object : View

Products Affected

hidglobal

  • omnikey_5127ck_firmware
  • omnikey_5427ck_firmware
  • iclass_se_cp1000_encoder_firmware
  • iclass_se_readers_firmware
  • iclass_se_readers
  • omnikey_5427ck
  • omnikey_5127ck
  • omnikey_5023
  • iclass_se_reader_modules_firmware
  • iclass_se_processors_firmware
  • omnikey_5023_firmware
  • omnikey_5027_firmware
  • omnikey_5027
  • iclass_se_reader_modules
  • iclass_se_cp1000_encoder
  • iclass_se_processors
CWE
CWE-1188

Initialization of a Resource with an Insecure Default

NVD-CWE-Other