CVE-2024-22388

MEDIUM

Encoder Configuration - Info Disclosure

Title source: llm

Description

Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys.

References (2)

[Product] https://support.hidglobal.com/

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-01

Scores

CVSS v3 5.9

EPSS 0.0004

EPSS Percentile 12.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1188

Status published

Products (8)

hidglobal/iclass_se_cp1000_encoder_firmware

hidglobal/iclass_se_processors_firmware

hidglobal/iclass_se_reader_modules_firmware

hidglobal/iclass_se_readers_firmware

hidglobal/omnikey_5023_firmware

hidglobal/omnikey_5027_firmware

hidglobal/omnikey_5127ck_firmware

hidglobal/omnikey_5427ck_firmware

Published Feb 06, 2024

Tracked Since Feb 18, 2026