CVE-2023-0248

Summary

An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader.

Affected Software

VendorProductVersion RangeStatus
Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.ioSmart Gen10 < 1.07.02affected

Weaknesses

  • CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-401: CWE-401 Missing Release of Memory after Effective Lifetime

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References