CVE-2024-22388 - OpenCVE

Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Hidglobal	Iclass Se Processors Omnikey 5027 Iclass Se Reader Modules Omnikey 5427ck Firmware Omnikey 5127ck Iclass Se Cp1000 Encoder Iclass Se Readers Firmware Iclass Se Processors Firmware Omnikey 5127ck Firmware Iclass Se Readers Iclass Se Reader Modules Firmware Iclass Se Cp1000 Encoder Firmware Omnikey 5427ck Omnikey 5023 Omnikey 5027 Firmware Omnikey 5023 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:hidglobal:iclass_se_cp1000_encoder_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hidglobal:iclass_se_cp1000_encoder:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:hidglobal:iclass_se_readers_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hidglobal:iclass_se_readers:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:hidglobal:iclass_se_reader_modules_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hidglobal:iclass_se_reader_modules:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:hidglobal:iclass_se_processors_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hidglobal:iclass_se_processors:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:hidglobal:omnikey_5427ck_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hidglobal:omnikey_5427ck:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:hidglobal:omnikey_5127ck_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hidglobal:omnikey_5127ck:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:hidglobal:omnikey_5023_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hidglobal:omnikey_5023:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:hidglobal:omnikey_5027_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hidglobal:omnikey_5027:-:*:*:*:*:*:*:*

References

Link	Resource
https://support.hidglobal.com/	Product
https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-01	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2024-02-06T23:06:07.942Z

Updated: 2024-02-06T23:06:07.942Z

Reserved: 2024-01-25T17:05:42.446Z

Link: CVE-2024-22388

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-02-06T23:15:08.707

Modified: 2024-02-14T20:59:09.660

Link: CVE-2024-22388

JSON object: View

Redhat Information

No data.

CWE