Sensitive Data at Risk: HID iCLASS SE Reader Configuration Cards Vulnerable to Extraction
CVE-2024-23806

5.3MEDIUM

Key Information:

Vendor

Hid Global

Status
Hid Iclass Se Reader Configuration Cards
Omnikey Secure Elements Reader Configuration Cards
Vendor
CVE Published:
7 February 2024

What is CVE-2024-23806?

Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys.

Affected Version(s)

HID iCLASS SE reader configuration cards All

OMNIKEY Secure Elements reader configuration cards All

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-0...
https://www.hidglobal.com/support

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

HID Global reported this vulnerability to CISA.
JSON
.