CVE-2024-1578 - Vulnerability Details

The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users. Random characters being dropped from ID card numbers compromises the uniqueness of ID cards that can, therefore, result in a security issue if the users are using the ‘ID card self-registration’ function.

Attack Vector Physical

Attack Complexity High

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Nt-ware	Micard Plus Ble Micard Plus Ci
Rfideas	Micard Plus Ble Micard Plus Ble Firmware Micard Plus Ci Micard Plus Ci Firmware

Configuration 1 [-]

AND

cpe:2.3:o:rfideas:micard_plus_ci_firmware:0.1.0.7:*:*:*:*:*:*:*

cpe:2.3:h:rfideas:micard_plus_ci:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:rfideas:micard_plus_ble_firmware:0.1.0.4:*:*:*:*:*:*:*

cpe:2.3:h:rfideas:micard_plus_ble:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://ntware.atlassian.net/wiki/spaces/SA/pages/11973853216/2024+Security+Advisory+Multiple+MiCard+PLUS+card+reader+dropped+characters
https://www.canon-europe.com/psirt/advisory-information

History

Fri, 20 Sep 2024 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Rfideas Rfideas micard Plus Ble Rfideas micard Plus Ble Firmware Rfideas micard Plus Ci Rfideas micard Plus Ci Firmware
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:h:rfideas:micard_plus_ble:-:::::::* cpe:2.3:h:rfideas:micard_plus_ci:-:::::::* cpe:2.3:o:rfideas:micard_plus_ble_firmware:0.1.0.4:::::::* cpe:2.3:o:rfideas:micard_plus_ci_firmware:0.1.0.7:::::::*
Vendors & Products		Rfideas Rfideas micard Plus Ble Rfideas micard Plus Ble Firmware Rfideas micard Plus Ci Rfideas micard Plus Ci Firmware

Mon, 16 Sep 2024 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nt-ware Nt-ware micard Plus Ble Nt-ware micard Plus Ci
CPEs		cpe:2.3:a:nt-ware:micard_plus_ble:::::::: cpe:2.3:a:nt-ware:micard_plus_ci::::::::
Vendors & Products		Nt-ware Nt-ware micard Plus Ble Nt-ware micard Plus Ci
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 16 Sep 2024 07:15:00 +0000

Type	Values Removed	Values Added
Description		The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users. Random characters being dropped from ID card numbers compromises the uniqueness of ID cards that can, therefore, result in a security issue if the users are using the ‘ID card self-registration’ function.
Title		Multiple MiCard PLUS card reader dropped characters
Weaknesses		CWE-1287
References		https://ntware.atlassian.net/wiki/spaces/SA/pages/11973853216/2024+Security+Advisory+Multiple+MiCard+PLUS+card+reader+dropped+characters https://www.canon-europe.com/psirt/advisory-information
Metrics		cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Canon_EMEA

Published: 2024-09-16T06:59:35.306Z

Updated: 2024-09-16T14:33:10.067Z

Reserved: 2024-02-16T10:45:13.818Z

Link: CVE-2024-1578

Vulnrichment

Updated: 2024-09-16T14:22:57.862Z

NVD

Status : Analyzed

Published: 2024-09-16T07:15:02.030

Modified: 2024-09-20T13:53:31.657

Link: CVE-2024-1578

Redhat

No data.

Metrics

Attack Vector Physical

Attack Complexity High

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object