Vulnerabilities > CVE-2023-0248 - Memory Leak vulnerability in Johnsoncontrols Iosmart GEN 1 Firmware

CVSS 5.3 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

high complexity

johnsoncontrols

CWE-401

NVD

Published: 2023-12-14

Updated: 2023-12-21

Summary

An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader.

Vulnerable Configurations

Part	Description	Count
OS	Johnsoncontrols Johnsoncontrols Iosmart GEN 1 Firmware -	1
Hardware	Johnsoncontrols Johnsoncontrols Iosmart GEN 1 -	1

Common Weakness Enumeration (CWE)

CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

References

https://www.johnsoncontrols.com/cyber-solutions/security-advisories
https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-02