CVE-2022-31481

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-31481
An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The overflowed data can allow the attacker to manipulate the “normal” code execution to that of their choosing. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable.

10.0 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://www.corporate.carrier.com/product-security/advisories-resources/ Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:hidglobal:lp1501_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp1501:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:hidglobal:lp1502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp1502:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:hidglobal:lp2500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp2500:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:hidglobal:lp4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp4502:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:hidglobal:ep4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:ep4502:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:carrier:lenels2_lnl-4420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-4420:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:carrier:lenels2_lnl-x2210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x2210:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:carrier:lenels2_lnl-x2220_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x2220:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:carrier:lenels2_lnl-x3300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x3300:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:carrier:lenels2_lnl-x4420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x4420:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:carrier:lenels2_s2-lp-1501_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-1501:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:carrier:lenels2_s2-lp-1502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-1502:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:carrier:lenels2_s2-lp-2500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-2500:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:carrier:lenels2_s2-lp-4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-4502:-:*:*:*:*:*:*:*
History

17 Jun 2022, 14:31

Type Values Removed Values Added
References (MISC) https://www.corporate.carrier.com/product-security/advisories-resources/ - (MISC) https://www.corporate.carrier.com/product-security/advisories-resources/ - Vendor Advisory
CWE CWE-120
CPE cpe:2.3:h:carrier:lenels2_s2-lp-4502:-:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp1502:-:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_lnl-x3300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_lnl-4420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-4420:-:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:lp4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_lnl-x2210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:ep4502:-:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:lp1502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_s2-lp-1501_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_s2-lp-4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp4502:-:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_s2-lp-2500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x2220:-:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-1501:-:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp2500:-:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp1501:-:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-1502:-:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x2210:-:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:ep4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x4420:-:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:lp1501_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_s2-lp-1502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_lnl-x2220_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x3300:-:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-2500:-:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_lnl-x4420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:lp2500_firmware:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : 7.5
v3 : 10.0
First Time Hidglobal lp2500 Firmware
Carrier lenels2 S2-lp-1502
Hidglobal ep4502 Firmware
Hidglobal lp1502 Firmware
Carrier lenels2 S2-lp-2500 Firmware
Carrier lenels2 S2-lp-4502 Firmware
Hidglobal lp4502
Hidglobal lp4502 Firmware
Carrier lenels2 Lnl-x2210
Carrier lenels2 Lnl-x4420 Firmware
Hidglobal ep4502
Carrier lenels2 Lnl-4420 Firmware
Hidglobal
Carrier lenels2 Lnl-4420
Carrier lenels2 S2-lp-1501 Firmware
Carrier
Hidglobal lp1501 Firmware
Carrier lenels2 Lnl-x2220 Firmware
Carrier lenels2 Lnl-x3300 Firmware
Hidglobal lp2500
Hidglobal lp1502
Carrier lenels2 Lnl-x2210 Firmware
Carrier lenels2 S2-lp-2500
Carrier lenels2 Lnl-x2220
Carrier lenels2 S2-lp-1502 Firmware
Hidglobal lp1501
Carrier lenels2 S2-lp-4502
Carrier lenels2 Lnl-x3300
Carrier lenels2 S2-lp-1501
Carrier lenels2 Lnl-x4420

06 Jun 2022, 17:39

Type Values Removed Values Added
New CVE
Information

Published : 2022-06-06 17:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-31481

Mitre link : CVE-2022-31481

CVE.ORG link : CVE-2022-31481

JSON object : View

Products Affected

carrier

  • lenels2_lnl-x3300
  • lenels2_lnl-x2220_firmware
  • lenels2_s2-lp-4502
  • lenels2_lnl-4420
  • lenels2_s2-lp-1501
  • lenels2_s2-lp-2500_firmware
  • lenels2_lnl-x3300_firmware
  • lenels2_s2-lp-1502_firmware
  • lenels2_lnl-x2210
  • lenels2_s2-lp-2500
  • lenels2_s2-lp-4502_firmware
  • lenels2_lnl-x2210_firmware
  • lenels2_s2-lp-1501_firmware
  • lenels2_lnl-4420_firmware
  • lenels2_lnl-x4420_firmware
  • lenels2_lnl-x4420
  • lenels2_lnl-x2220
  • lenels2_s2-lp-1502

hidglobal

  • lp1501_firmware
  • lp1502
  • lp2500_firmware
  • lp4502_firmware
  • ep4502
  • ep4502_firmware
  • lp4502
  • lp1501
  • lp1502_firmware
  • lp2500
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')