CVE-2022-31481

{"id": "CVE-2022-31481", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "productsecurity@carrier.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}]}, "published": "2022-06-06T17:15:11.110", "references": [{"url": "https://www.corporate.carrier.com/product-security/advisories-resources/", "tags": ["Vendor Advisory"], "source": "productsecurity@carrier.com"}, {"url": "https://www.corporate.carrier.com/product-security/advisories-resources/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "productsecurity@carrier.com", "description": [{"lang": "en", "value": "CWE-120"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The overflowed data can allow the attacker to manipulate the \u201cnormal\u201d code execution to that of their choosing. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable."}, {"lang": "es", "value": "Un atacante no autenticado puede enviar un archivo de actualizaci\u00f3n especialmente dise\u00f1ado al dispositivo que puede desbordar un b\u00fafer. Esta vulnerabilidad afecta a los productos basados en los controladores inteligentes HID Mercury LP1501, LP1502, LP2500, LP4502 y EP4502 que contienen versiones de firmware anteriores a 1.302 para la serie LP y 1.296 para la serie EP. Los datos desbordados pueden permitir al atacante manipular la ejecuci\u00f3n del c\u00f3digo \"normal\" a su elecci\u00f3n. Un atacante con este nivel de acceso en el dispositivo puede monitorear todas las comunicaciones enviadas hacia y desde este dispositivo, modificar los rel\u00e9s de la placa, cambiar los archivos de configuraci\u00f3n o causar que el dispositivo se vuelva inestable"}], "lastModified": "2024-11-21T07:04:32.883", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hidglobal:lp1501_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2531827-8A5A-43E9-9676-673E4E3A57E8", "versionEndExcluding": "1.302"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hidglobal:lp1501:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B9DC3EC5-C67D-4FE5-8B53-04AB785588FE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hidglobal:lp1502_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27E8E33B-63CA-4661-9B45-1D2A4A4A7417", "versionEndExcluding": "1.302"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hidglobal:lp1502:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "902FDABA-C5D0-4CAE-BBDF-E4338D3A4DAF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hidglobal:lp2500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97CACF87-1D8F-43AE-8BA2-9BA48EABDE97", "versionEndExcluding": "1.302"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hidglobal:lp2500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AAC2A69E-BF7D-448B-8347-19CFFABED15A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hidglobal:lp4502_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E33A1872-FA6E-4063-BAE1-1437F0780107", "versionEndExcluding": "1.302"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hidglobal:lp4502:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "22147A65-6ADE-46F3-AFF8-E46CE81D6E8B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hidglobal:ep4502_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C85E5702-D143-4EFB-BCFB-E4AE18C87882", "versionEndExcluding": "1.296"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hidglobal:ep4502:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F9A28A38-C57D-4FC6-8CAA-0011AF06D290"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:carrier:lenels2_lnl-4420_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "332F1FB3-FBB7-42F1-A6A8-AAFD5D67ACA7", "versionEndExcluding": "1.296"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:carrier:lenels2_lnl-4420:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "36855319-E36B-47C3-B27E-E1509D1C9D4D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:carrier:lenels2_lnl-x2210_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B1CBAA6-DAF5-413D-B361-890DAAC626EC", "versionEndExcluding": "1.302"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:carrier:lenels2_lnl-x2210:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3B091C8F-2C3A-47C9-92AC-550D977F781A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:carrier:lenels2_lnl-x2220_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E0F6C5B-E4F4-444D-A6D4-B8F58A92B7BC", "versionEndExcluding": "1.302"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:carrier:lenels2_lnl-x2220:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "15FD8460-39D0-46C4-9F04-EB3B6C72767A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:carrier:lenels2_lnl-x3300_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DF532E2-3AC9-4850-A716-343795C55019", "versionEndExcluding": "1.302"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:carrier:lenels2_lnl-x3300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "389BE7A1-1B57-4097-9AAF-A6931C06BA15"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:carrier:lenels2_lnl-x4420_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4415D959-7321-41D7-A193-B4B01E4DC6DD", "versionEndExcluding": "1.302"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:carrier:lenels2_lnl-x4420:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2BC2BAEA-E139-47C2-9A8F-857AB1C7D54B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:carrier:lenels2_s2-lp-1501_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7752CDEC-BC7A-406E-9AFB-30C22190570D", "versionEndExcluding": "1.302"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:carrier:lenels2_s2-lp-1501:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3183C665-CD31-446D-8D95-908148675D25"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:carrier:lenels2_s2-lp-1502_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B057323E-A352-4E32-845F-51DEA38722BD", "versionEndExcluding": "1.302"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:carrier:lenels2_s2-lp-1502:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "93B38941-79D8-41E7-9763-989C0C3B6139"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:carrier:lenels2_s2-lp-2500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5BF0DDA-C6DC-4728-9902-BA0324A13A7C", "versionEndExcluding": "1.302"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:carrier:lenels2_s2-lp-2500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1724D78F-EE79-4E48-BDB2-D399C573F42D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:carrier:lenels2_s2-lp-4502_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2F9B937-9326-47A5-AE7F-9218B1F0B7B3", "versionEndExcluding": "1.302"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:carrier:lenels2_s2-lp-4502:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "115129D2-5134-4BCD-B5D0-263F4687B59D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "productsecurity@carrier.com"}