CVE-2024-29941

Summary

Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows malicious actors to create credentials for any site code and card number that is using the default ICT encryption.

Affected Software

VendorProductVersion RangeStatus
Integrated Control TechnologyTSEC0affected

Weaknesses

Workarounds

Use custom keysets unique to customer sites to prevent cards being created by third parties using exploited publicly available default keysets

Setup two-factor authentication (2FA) on all doors where PIN readers are installed to mitigate the risk of using credentials with publicly available default keysets

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References