What is the severity of CVE-2023-0248?

CVE-2023-0248 has been classified with a moderate severity due to the potential for data recovery with physical access.

How do I fix CVE-2023-0248?

To mitigate CVE-2023-0248, upgrade the Kantech Gen1 ioSmart card reader firmware to version 1.07.02 or later.

What systems are affected by CVE-2023-0248?

CVE-2023-0248 affects Kantech Gen1 ioSmart card readers running firmware versions prior to 1.07.02.

What is the impact of CVE-2023-0248?

The impact of CVE-2023-0248 is that an attacker could potentially recover sensitive communication memory between the card and the reader.

Who is the vendor for CVE-2023-0248?

The vendor for CVE-2023-0248 is Johnson Controls, which produces the Kantech Gen1 ioSmart card reader.

Vulnerability/
CVE-2023-0248

high

7.5

CWE

401 200

14/12/2023

8/10/2024

CVE-2023-0248: Kantech Gen1 ioSmart card reader

First published: Thu Dec 14 2023(Updated: )

An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader.

Credit: productsecurity@jci.com

Affected Software	Affected Version	How to fix
All of
Johnsoncontrols Iosmart Gen 1 Firmware	<1.07.02
Johnsoncontrols Iosmart Gen 1

Remedy

Update ioSmart Gen1 card reader to firmware version 1.07.02 or higher. Download the update here: https://www.kantech.com/Resources/GetDoc.aspx?p=1&id=58679 https://www.kantech.com/Resources/GetDoc.aspx Contact technical support for additional information. ioSmart Gen2 readers are not affected by this behavior. Contact your local sales representative for ordering information.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-0248?
CVE-2023-0248 has been classified with a moderate severity due to the potential for data recovery with physical access.
How do I fix CVE-2023-0248?
To mitigate CVE-2023-0248, upgrade the Kantech Gen1 ioSmart card reader firmware to version 1.07.02 or later.
What systems are affected by CVE-2023-0248?
CVE-2023-0248 affects Kantech Gen1 ioSmart card readers running firmware versions prior to 1.07.02.
What is the impact of CVE-2023-0248?
The impact of CVE-2023-0248 is that an attacker could potentially recover sensitive communication memory between the card and the reader.
Who is the vendor for CVE-2023-0248?
The vendor for CVE-2023-0248 is Johnson Controls, which produces the Kantech Gen1 ioSmart card reader.

collector/nvd-api
agent/references
agent/type
agent/event
agent/softwarecombine
agent/first-publish-date
agent/remedy
agent/severity
agent/weakness
agent/author
agent/title
agent/description
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
vendor/johnsoncontrols
canonical/johnsoncontrols iosmart gen 1 firmware
canonical/johnsoncontrols iosmart gen 1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.