CVE-2024-23806 - Vulnerability Details

Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Hidglobal	Iclass Se Reader Configuration Cards Iclass Se Reader Configuration Cards Firmware Omnikey Secure Elements Reader Configuration Cards Omnikey Secure Elements Reader Configuration Cards Firmware

Configuration 1 [-]

AND

cpe:2.3:o:hidglobal:omnikey_secure_elements_reader_configuration_cards_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hidglobal:omnikey_secure_elements_reader_configuration_cards:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:hidglobal:iclass_se_reader_configuration_cards_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hidglobal:iclass_se_reader_configuration_cards:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-02
https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-02
https://www.hidglobal.com/support

History

Fri, 13 Jun 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-02

Fri, 11 Oct 2024 16:30:00 +0000

Type	Values Removed	Values Added
References	https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-02

Fri, 11 Oct 2024 16:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-285

Fri, 11 Oct 2024 15:45:00 +0000

Type	Values Removed	Values Added
Description	Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys.	Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys.
References		https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-02

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2024-02-07T16:23:16.889Z

Updated: 2025-06-13T15:07:44.967Z

Reserved: 2024-01-25T17:05:42.439Z

Link: CVE-2024-23806

Vulnrichment

Updated: 2024-08-01T23:13:08.449Z

NVD

Status : Modified

Published: 2024-02-07T17:15:10.713

Modified: 2024-11-21T08:58:27.657

Link: CVE-2024-23806

Redhat

No data.

Metrics

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object