CVE-2023-7003

Summary

The AES key utilized in the pairing process between a lock using Sciener firmware and a wireless keypad is not unique, and can be reused to compromise other locks using the Sciener firmware.

Affected Software

VendorProductVersion RangeStatus
ScienerKontrol Lux6.5.x <= 6.5.07affected

Weaknesses

  • CWE-323: CWE-323 Reusing a Nonce, Key Pair in Encryption

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References