CVE-2023-0248

{"id": "CVE-2023-0248", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.6}, {"type": "Secondary", "source": "productsecurity@jci.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 5.3, "exploitabilityScore": 1.6}]}, "published": "2023-12-14T21:15:07.553", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "productsecurity@jci.com"}, {"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories", "tags": ["Vendor Advisory"], "source": "productsecurity@jci.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-401"}]}, {"type": "Secondary", "source": "productsecurity@jci.com", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader.\n\n"}, {"lang": "es", "value": "Un atacante con acceso f\u00edsico al lector de tarjetas Kantech Gen1 ioSmart con versi\u00f3n de firmware anterior a 1.7.2 en determinadas circunstancias puede recuperar la memoria de comunicaci\u00f3n del lector entre la tarjeta y el lector."}], "lastModified": "2023-12-21T15:12:05.170", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:johnsoncontrols:iosmart_gen_1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EAD2797-79E8-4ED4-87EC-914F08698414", "versionEndExcluding": "1.07.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:johnsoncontrols:iosmart_gen_1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1FC9CD38-BBD7-4AB8-A7E1-87246BCD7812"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "productsecurity@jci.com"}