Vulnerability Description
An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 can, in certain circumstances, recover the reader's communication memory between the card and reader.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Johnsoncontrols | Iosmart Gen 1 Firmware | < 1.07.02 |
| Johnsoncontrols | Iosmart Gen 1 | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02 (Third Party Advisory, US Government Resource)
- https://www.johnsoncontrols.com/cyber-solutions/security-advisories (Vendor Advisory)
FAQ
What is CVE-2023-0248?
CVE-2023-0248 is a vulnerability with a CVSS score of 7.5 (HIGH). An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card ...
How severe is CVE-2023-0248?
CVE-2023-0248 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-0248?
Check the references section above for vendor advisories and patch information. Affected products include: Johnsoncontrols Iosmart Gen 1 Firmware, Johnsoncontrols Iosmart Gen 1.