CVE-2024-22388

Insecure Default Initialization of Resource in HID Global

CVSS 5.9 MEDIUMEPSS 0.2%CWE-1188

Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys.

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Affected products

HID Global · iCLASS SE CP1000 Encoder HID Global · iCLASS SE Processors HID Global · iCLASS SE Reader Modules HID Global · iCLASS SE Readers HID Global · OMNIKEY 5023 Readers HID Global · OMNIKEY 5027 Readers HID Global · OMNIKEY 5127CK Readers HID Global · OMNIKEY 5427CK Readers

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://support.hidglobal.com/https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-01