CVE-2024-1578

The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users. Random characters being dropped from ID card numbers compromises the uniqueness of ID cards that can, therefore, result in a security issue if the users are using the ‘ID card self-registration’ function.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 4.7

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://ntware.atlassian.net/wiki/spaces/SA/pages/11973853216/2024+Security+Advisory+Multiple+MiCard+PLUS+card+reader+dropped+characters	Mitigation Third Party Advisory
https://www.canon-europe.com/psirt/advisory-information	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:rfideas:micard_plus_ci_firmware:0.1.0.7:*:*:*:*:*:*:*

cpe:2.3:h:rfideas:micard_plus_ci:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:rfideas:micard_plus_ble_firmware:0.1.0.4:*:*:*:*:*:*:*

cpe:2.3:h:rfideas:micard_plus_ble:-:*:*:*:*:*:*:*

History

20 Sep 2024, 13:53

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
First Time		Rfideas Rfideas micard Plus Ble Firmware Rfideas micard Plus Ble Rfideas micard Plus Ci Rfideas micard Plus Ci Firmware
CPE		cpe:2.3:o:rfideas:micard_plus_ble_firmware:0.1.0.4:::::::* cpe:2.3:h:rfideas:micard_plus_ble:-:::::::* cpe:2.3:o:rfideas:micard_plus_ci_firmware:0.1.0.7:::::::* cpe:2.3:h:rfideas:micard_plus_ci:-:::::::*
References	~~() https://ntware.atlassian.net/wiki/spaces/SA/pages/11973853216/2024+Security+Advisory+Multiple+MiCard+PLUS+card+reader+dropped+characters -~~	() https://ntware.atlassian.net/wiki/spaces/SA/pages/11973853216/2024+Security+Advisory+Multiple+MiCard+PLUS+card+reader+dropped+characters - Mitigation, Third Party Advisory
References	~~() https://www.canon-europe.com/psirt/advisory-information -~~	() https://www.canon-europe.com/psirt/advisory-information - Vendor Advisory

16 Sep 2024, 15:35

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-16 07:15

Updated : 2024-09-20 13:53

NVD link : CVE-2024-1578

Mitre link : CVE-2024-1578

CVE.ORG link : CVE-2024-1578

JSON object : View

Products Affected

rfideas

micard_plus_ci_firmware
micard_plus_ble_firmware
micard_plus_ble
micard_plus_ci

CWE

NVD-CWE-noinfo CWE-1287

Improper Validation of Specified Type of Input

{"id": "CVE-2024-1578", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 0.5}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 0.5}], "cvssMetricV40": [{"type": "Secondary", "source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 5.3, "automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-09-16T07:15:02.030", "references": [{"url": "https://ntware.atlassian.net/wiki/spaces/SA/pages/11973853216/2024+Security+Advisory+Multiple+MiCard+PLUS+card+reader+dropped+characters", "tags": ["Mitigation", "Third Party Advisory"], "source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3"}, {"url": "https://www.canon-europe.com/psirt/advisory-information", "tags": ["Vendor Advisory"], "source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3", "description": [{"lang": "en", "value": "CWE-1287"}]}], "descriptions": [{"lang": "en", "value": "The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users. Random characters being dropped from ID card numbers compromises the uniqueness of ID cards that can, therefore, result in a security issue if the users are using the \u2018ID card self-registration\u2019 function."}, {"lang": "es", "value": "Los lectores MiCard PLUS Ci y MiCard PLUS BLE desarrollados por rf IDEAS y renombrados por NT-ware tienen un fallo de firmware que puede provocar que se eliminen caracteres de forma aleatoria en algunas lecturas de tarjetas de identificaci\u00f3n, lo que dar\u00eda lugar a que se asignara un n\u00famero de tarjeta de identificaci\u00f3n incorrecto durante el autorregistro de la tarjeta de identificaci\u00f3n y podr\u00eda provocar intentos fallidos de inicio de sesi\u00f3n para los usuarios finales. La eliminaci\u00f3n aleatoria de caracteres de los n\u00fameros de tarjeta de identificaci\u00f3n compromete la unicidad de las tarjetas de identificaci\u00f3n, lo que puede, por lo tanto, generar un problema de seguridad si los usuarios utilizan la funci\u00f3n de \"autorregistro de tarjeta de identificaci\u00f3n\"."}], "lastModified": "2024-09-20T13:53:31.657", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rfideas:micard_plus_ci_firmware:0.1.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF183E5B-D277-422A-AEC8-3FA8253BEFDA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rfideas:micard_plus_ci:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "34DA9EB3-51BA-4F27-83CF-25B1A4061C6E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rfideas:micard_plus_ble_firmware:0.1.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D897A1C4-F336-49A2-B805-F6CFA20234A1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rfideas:micard_plus_ble:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0D784B14-21AE-4BF0-A1AF-3E43E85E7F79"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3"}

5.3 /10