CVE-2023-0248

HIGH

Kantech Gen1 ioSmart <1.07.02 - Info Disclosure

Title source: llm

Description

An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader.

References (2)

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02

[Vendor Advisory] https://www.johnsoncontrols.com/cyber-solutions/security-advisories

Scores

CVSS v3 7.5

EPSS 0.0010

EPSS Percentile 27.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L

Classification

CWE

CWE-401 CWE-200

Status published

Affected Products (1)

johnsoncontrols/iosmart_gen_1_firmware < 1.07.02

Timeline

Published Dec 14, 2023

Tracked Since Feb 18, 2026