CVE-2024-22388

Published: Feb 6, 2024

Modified: May 7, 2025

PUBLISHED

CVSS v3.1

5.9

MEDIUM

Description

Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys.

Vendor	Product	Versions
HID Global	iCLASS SE CP1000 Encoder	affected `All`
HID Global	iCLASS SE Readers	affected `All`
HID Global	iCLASS SE Reader Modules	affected `All`
HID Global	iCLASS SE Processors	affected `All`
HID Global	OMNIKEY 5427CK Readers	affected `All`
HID Global	OMNIKEY 5127CK Readers	affected `All`
HID Global	OMNIKEY 5023 Readers	affected `All`
HID Global	OMNIKEY 5027 Readers	affected `All`

Weaknesses (CWE)

CWE-1188

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-01

https://support.hidglobal.com/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-22388

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References