CVE-2023-0248 HIGH

CVE-2023-0248: Kantech Gen1 ioSmart card reader

Vendor Sensormatic Electronics, A Subsidiary Of Johnson Controls, Inc.

Product ioSmart Gen1

Weakness CWE-200 · Info exposure

Published December 14, 2023

Last update October 8, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Adjacent

Attack complexity High

Privileges required None

User interaction None

Confidentiality Low

Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L

What the vulnerability does

01Description

An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader.

Key dates

02Disclosure timeline

December 14, 2023 CVE published

October 8, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-0248

Related vulnerabilities

Identifiers

CVE CVE-2023-0248

CWE CWE-200

CVSS 7.5 / HIGH

Affected versions