Kantech Gen1 ioSmart card reader
CVE-2023-0248

7.5HIGH

Key Information:

Vendor: Sensormatic Electronics, A Subsidiary Of Johnson Controls, Inc.
Status: iOSmart Gen1
Vendor: CVE Published:; 14 December 2023

What is CVE-2023-0248?

An attacker with direct physical access to the Kantech Gen1 ioSmart card reader, specifically those running firmware versions earlier than 1.07.02, can potentially recover sensitive communication memory between the card and the reader. This vulnerability could allow unauthorized users to access confidential data, posing significant security risks to systems utilizing this technology. It is advised that users upgrade to the latest firmware to mitigate these risks and enhance the overall security of their facilities.

Affected Version(s)

ioSmart Gen1 0 < 1.07.02

References

https://www.johnsoncontrols.com/cyber-solutions/security-...

https://www.cisa.gov/news-events/ics-advisories/icsa-23-3...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 14, 2023
Vulnerability Reserved
Jan 12, 2023

Credit

Colin O’Flynn at NewAE Technology Inc.