CVE-2021-27662 - OpenCVE

The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. This issue affects Johnson Controls KT-1 all versions up to and including 3.01

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Johnsoncontrols	Kantech Kt-1 Door Controller Firmware Kantech Kt-1 Door Controller

Configuration 1 [-]

AND

cpe:2.3:o:johnsoncontrols:kantech_kt-1_door_controller_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:johnsoncontrols:kantech_kt-1_door_controller:-:*:*:*:*:*:*:*

References

Link	Resource
https://us-cert.gov/ics/advisories	Third Party Advisory US Government Resource
https://www.johnsoncontrols.com/cyber-solutions/security-advisories	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: jci

Published: 2021-09-10T00:00:00

Updated: 2021-09-15T12:04:22

Reserved: 2021-02-24T00:00:00

Link: CVE-2021-27662

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-09-15T13:15:07.800

Modified: 2021-09-28T00:58:44.707

Link: CVE-2021-27662

JSON object: View

Redhat Information

No data.

CWE

CWE-294

{"containers": {"cna": {"affected": [{"product": "KT-1", "vendor": "Johnson Controls", "versions": [{"lessThanOrEqual": "3.01", "status": "affected", "version": "all versions up to and including 3.01", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Dr. Dave Burke"}, {"lang": "en", "value": "Anthony Connor"}, {"lang": "en", "value": "Harrison Spisak"}], "datePublic": "2021-09-10T00:00:00", "descriptions": [{"lang": "en", "value": "The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. This issue affects Johnson Controls KT-1 all versions up to and including 3.01"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-294", "description": "CWE-294: Authentication Bypass by Capture-replay", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-15T12:04:22", "orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01", "shortName": "jci"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"}, {"name": "ICS-CERT Advisory", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "https://us-cert.gov/ics/advisories"}], "solutions": [{"lang": "en", "value": "Upgrade the KT-1 controller to version 3.04 and upgrade EntraPass to version 8.40."}], "source": {"discovery": "EXTERNAL"}, "title": "KT-1 Capture-replay", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productsecurity@jci.com", "DATE_PUBLIC": "2021-09-10T06:01:00.000Z", "ID": "CVE-2021-27662", "STATE": "PUBLIC", "TITLE": "KT-1 Capture-replay"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "KT-1", "version": {"version_data": [{"version_affected": "<=", "version_name": "all versions up to and including 3.01", "version_value": "3.01"}]}}]}, "vendor_name": "Johnson Controls"}]}}, "credit": [{"lang": "eng", "value": "Dr. Dave Burke"}, {"lang": "eng", "value": "Anthony Connor"}, {"lang": "eng", "value": "Harrison Spisak"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. This issue affects Johnson Controls KT-1 all versions up to and including 3.01"}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-294: Authentication Bypass by Capture-replay"}]}]}, "references": {"reference_data": [{"name": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories", "refsource": "CONFIRM", "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"}, {"name": "ICS-CERT Advisory", "refsource": "CERT", "url": "https://us-cert.gov/ics/advisories"}]}, "solution": [{"lang": "en", "value": "Upgrade the KT-1 controller to version 3.04 and upgrade EntraPass to version 8.40."}], "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01", "assignerShortName": "jci", "cveId": "CVE-2021-27662", "datePublished": "2021-09-10T00:00:00", "dateReserved": "2021-02-24T00:00:00", "dateUpdated": "2021-09-15T12:04:22", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:johnsoncontrols:kantech_kt-1_door_controller_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CAF57B1-AF4E-44C0-9509-02EC349AB7E0", "versionEndIncluding": "3.01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:johnsoncontrols:kantech_kt-1_door_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "354083EA-7FBF-49F3-9706-BF750876B8A5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. This issue affects Johnson Controls KT-1 all versions up to and including 3.01"}, {"lang": "es", "value": "El controlador de puertas KT-1 es susceptible de sufrir ataques de repetici\u00f3n o de tipo man-in-the-middle en los que un atacante puede grabar y reproducir paquetes TCP. Este problema afecta a Johnson Controls KT-1 en Todas las versiones hasta 3.01 incluy\u00e9ndola"}], "id": "CVE-2021-27662", "lastModified": "2021-09-28T00:58:44.707", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "productsecurity@jci.com", "type": "Secondary"}]}, "published": "2021-09-15T13:15:07.800", "references": [{"source": "productsecurity@jci.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.gov/ics/advisories"}, {"source": "productsecurity@jci.com", "tags": ["Vendor Advisory"], "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"}], "sourceIdentifier": "productsecurity@jci.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-294"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-294"}], "source": "productsecurity@jci.com", "type": "Secondary"}]}