MidnightBSD

Advisories for hidglobal

CVE-2018-17489 LOW

EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. By visiting the kiosk and viewing the Visitor table of the database, an attacker could exploit this vulnerability to view stored social security numbers.

CVSS 2.0

Severity: LOW

Problem Type: CWE-312,

Products Affected

Vendor Product Version
hidglobal easylobby_solo 11.0.4563
CVE-2018-17490 LOW

EasyLobby Solo is vulnerable to a denial of service. By visiting the kiosk and accessing the task manager, a local attacker could exploit this vulnerability to kill the process or launch new processes at will.

CVSS 2.0

Severity: LOW

Problem Type: CWE-862,

Products Affected

Vendor Product Version
hidglobal easylobby_solo 11.0.4563
CVE-2018-17491 HIGH

EasyLobby Solo could allow a local attacker to gain elevated privileges on the system. By visiting the kiosk and typing "esc" to exit the program, an attacker could exploit this vulnerability to perform unauthorized actions on the computer.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-862,

Products Affected

Vendor Product Version
hidglobal easylobby_solo 11.0.4563
CVE-2018-17492 LOW

EasyLobby Solo contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.

CVSS 2.0

Severity: LOW

Problem Type: CWE-798,

Products Affected

Vendor Product Version
hidglobal easylobby_solo 11.0.4563
CVE-2019-13603 MEDIUM

An issue was discovered in the HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver 5.0.0.5. It has a statically coded initialization vector to encrypt a user's fingerprint image, resulting in weak encryption of that. This, in combination with retrieving an encrypted fingerprint image and encryption key (through another vulnerability), allows an attacker to obtain a user's fingerprint image.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,

Products Affected

Vendor Product Version
hidglobal digital_persona_u.are.u_4500_driver_firmware 5.0.0.5
CVE-2020-36283 MEDIUM

HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a configuration file to the device. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hidglobal omnikey_5427_firmware -
hidglobal omnikey_5127_firmware -
CVE-2022-31479 HIGH

An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. The injected commands only get executed during start up or when unsafe calls regarding the hostname are used. This allows the attacker to gain remote access to the device and can make their persistence permanent by modifying the filesystem.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
productsecurity@carrier.com 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-693,CWE-78,

Products Affected

Vendor Product Version
carrier lenels2_lnl-x2210_firmware *
carrier lenels2_s2-lp-1501_firmware *
carrier lenels2_lnl-x3300_firmware *
hidglobal lp1502_firmware *
hidglobal ep4502_firmware *
hidglobal lp2500_firmware *
carrier lenels2_s2-lp-4502_firmware *
carrier lenels2_s2-lp-1502_firmware *
carrier lenels2_s2-lp-2500_firmware *
hidglobal lp1501_firmware *
hidglobal lp4502_firmware *
carrier lenels2_lnl-4420_firmware *
carrier lenels2_lnl-x4420_firmware *
carrier lenels2_lnl-x2220_firmware *
CVE-2022-31480 MEDIUM

An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The attacker needs to have a properly signed and encrypted binary, loading the firmware to the device ultimately triggers a reboot.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productsecurity@carrier.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-425,CWE-425,

Products Affected

Vendor Product Version
carrier lenels2_lnl-x2210_firmware *
carrier lenels2_s2-lp-1501_firmware *
carrier lenels2_lnl-x3300_firmware *
hidglobal lp1502_firmware *
hidglobal ep4502_firmware *
hidglobal lp2500_firmware *
carrier lenels2_s2-lp-4502_firmware *
carrier lenels2_s2-lp-1502_firmware *
carrier lenels2_s2-lp-2500_firmware *
hidglobal lp1501_firmware *
hidglobal lp4502_firmware *
carrier lenels2_lnl-4420_firmware *
carrier lenels2_lnl-x4420_firmware *
carrier lenels2_lnl-x2220_firmware *
CVE-2022-31481 HIGH

An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The overflowed data can allow the attacker to manipulate the “normal” code execution to that of their choosing. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0
productsecurity@carrier.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
carrier lenels2_lnl-x2210_firmware *
carrier lenels2_s2-lp-1501_firmware *
carrier lenels2_lnl-x3300_firmware *
hidglobal lp1502_firmware *
hidglobal ep4502_firmware *
hidglobal lp2500_firmware *
carrier lenels2_s2-lp-4502_firmware *
carrier lenels2_s2-lp-1502_firmware *
carrier lenels2_s2-lp-2500_firmware *
hidglobal lp1501_firmware *
hidglobal lp4502_firmware *
carrier lenels2_lnl-4420_firmware *
carrier lenels2_lnl-x4420_firmware *
carrier lenels2_lnl-x2220_firmware *
CVE-2022-31482 HIGH

An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
productsecurity@carrier.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
carrier lenels2_lnl-x2210_firmware *
carrier lenels2_s2-lp-1501_firmware *
carrier lenels2_lnl-x3300_firmware *
hidglobal lp1502_firmware *
hidglobal ep4502_firmware *
hidglobal lp2500_firmware *
carrier lenels2_s2-lp-4502_firmware *
carrier lenels2_s2-lp-1502_firmware *
carrier lenels2_s2-lp-2500_firmware *
hidglobal lp1501_firmware *
hidglobal lp4502_firmware *
carrier lenels2_lnl-4420_firmware *
carrier lenels2_lnl-x4420_firmware *
carrier lenels2_lnl-x2220_firmware *
CVE-2022-31483 HIGH

An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.271. This allows a malicious actor to overwrite sensitive system files and install a startup service to gain remote access to the underlaying Linux operating system with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productsecurity@carrier.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
carrier lenels2_lnl-x2210_firmware *
carrier lenels2_s2-lp-1501_firmware *
carrier lenels2_lnl-x3300_firmware *
hidglobal lp1502_firmware *
hidglobal ep4502_firmware *
hidglobal lp2500_firmware *
carrier lenels2_s2-lp-4502_firmware *
carrier lenels2_s2-lp-1502_firmware *
carrier lenels2_s2-lp-2500_firmware *
hidglobal lp1501_firmware *
hidglobal lp4502_firmware *
carrier lenels2_lnl-4420_firmware *
carrier lenels2_lnl-x4420_firmware *
carrier lenels2_lnl-x2220_firmware *
CVE-2022-31484 MEDIUM

An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of this vulnerability is that an unauthenticated attacker could restrict access to the web interface to legitimate users and potentially requiring them to use the default user dip switch procedure to gain access back.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
productsecurity@carrier.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-425,CWE-425,

Products Affected

Vendor Product Version
carrier lenels2_lnl-x2210_firmware *
carrier lenels2_s2-lp-1501_firmware *
carrier lenels2_lnl-x3300_firmware *
hidglobal lp1502_firmware *
hidglobal ep4502_firmware *
hidglobal lp2500_firmware *
carrier lenels2_s2-lp-4502_firmware *
carrier lenels2_s2-lp-1502_firmware *
carrier lenels2_s2-lp-2500_firmware *
hidglobal lp1501_firmware *
hidglobal lp4502_firmware *
carrier lenels2_lnl-4420_firmware *
carrier lenels2_lnl-x4420_firmware *
carrier lenels2_lnl-x2220_firmware *
CVE-2022-31485 MEDIUM

An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productsecurity@carrier.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-425,CWE-425,

Products Affected

Vendor Product Version
carrier lenels2_lnl-x2210_firmware *
carrier lenels2_s2-lp-1501_firmware *
carrier lenels2_lnl-x3300_firmware *
hidglobal lp1502_firmware *
hidglobal ep4502_firmware *
hidglobal lp2500_firmware *
carrier lenels2_s2-lp-4502_firmware *
carrier lenels2_s2-lp-1502_firmware *
carrier lenels2_s2-lp-2500_firmware *
hidglobal lp1501_firmware *
hidglobal lp4502_firmware *
carrier lenels2_lnl-4420_firmware *
carrier lenels2_lnl-x4420_firmware *
carrier lenels2_lnl-x2220_firmware *
CVE-2022-31486 HIGH

An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303 for the LP series and 1.297 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
productsecurity@carrier.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
carrier lenels2_lnl-x2210_firmware *
carrier lenels2_s2-lp-1501_firmware *
carrier lenels2_lnl-x3300_firmware *
hidglobal lp1502_firmware *
hidglobal ep4502_firmware *
hidglobal lp2500_firmware *
carrier lenels2_s2-lp-4502_firmware *
carrier lenels2_s2-lp-1502_firmware *
carrier lenels2_s2-lp-2500_firmware *
hidglobal lp1501_firmware *
hidglobal lp4502_firmware *
carrier lenels2_lnl-4420_firmware *
carrier lenels2_lnl-x4420_firmware *
carrier lenels2_lnl-x2220_firmware *
CVE-2023-2904

The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface (API). An attacker could log in using account credentials available through a request generated by an internal user and then manipulate the visitor-id within the web API to access the personal data of other users. There is no limit on the number of requests that can be made to the HID SAFE Web Server, so an attacker could also exploit this vulnerability to create a denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H 2.1 5.2

Products Affected

Vendor Product Version
hidglobal safe *
CVE-2024-22388

Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 5.9 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N 1.4 4.0

Products Affected

Vendor Product Version
hidglobal omnikey_5127ck_firmware *
hidglobal iclass_se_processors_firmware *
hidglobal iclass_se_readers_firmware *
hidglobal omnikey_5427ck_firmware *
hidglobal iclass_se_cp1000_encoder_firmware *
hidglobal omnikey_5023_firmware *
hidglobal omnikey_5027_firmware *
hidglobal iclass_se_reader_modules_firmware *
CVE-2024-23806

Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 5.3 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 0.9 4.0

Products Affected

Vendor Product Version
hidglobal iclass_se_reader_configuration_cards_firmware -
hidglobal omnikey_secure_elements_reader_configuration_cards_firmware -