CVE-2017-17910
| Summary |
On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur transmitter and a receiver to obtain the encrypted packet and the 32-bit serial number. The interception of the one-time pairing process is specifically not required. Due to use of AES-128 with an initial static random value and static data vector (all of this static information is the same across different customers' installations), the attacker can easily derive the utilized encryption key and decrypt the intercepted packet. The key can be verified by decrypting the intercepted packet and checking for known plaintext. Subsequently, an attacker can create arbitrary radio frames with the correct encryption key to control BiSecur garage and entrance gate operators and possibly other BiSecur systems as well ("wireless cloning"). To conduct the attack, a low cost Software Defined Radio (SDR) is sufficient. This affects Hoermann Hand Transmitter HS5-868-BS, HSE1-868-BS, and HSE2-868-BS devices.
|
| Publication Date |
Dec. 30, 2017, 4:29 a.m. |
| Registration Date |
Jan. 26, 2021, 1:20 p.m. |
| Last Update |
Nov. 21, 2024, 12:18 p.m. |
|
CVSS3.0 : MEDIUM
|
| スコア |
6.5
|
| Vector |
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 攻撃元区分(AV) |
隣接 |
| 攻撃条件の複雑さ(AC) |
低 |
| 攻撃に必要な特権レベル(PR) |
不要 |
| 利用者の関与(UI) |
不要 |
| 影響の想定範囲(S) |
変更なし |
| 機密性への影響(C) |
なし |
| 完全性への影響(I) |
なし |
| 可用性への影響(A) |
高 |
|
CVSS2.0 : LOW
|
| Score |
3.3
|
| Vector |
AV:A/AC:L/Au:N/C:N/I:N/A:P |
| 攻撃元区分(AV) |
隣接 |
| 攻撃条件の複雑さ(AC) |
低 |
| 攻撃前の認証要否(Au) |
不要 |
| 機密性への影響(C) |
なし |
| 完全性への影響(I) |
なし |
| 可用性への影響(A) |
低 |
| Get all privileges. |
いいえ
|
| Get user privileges |
いいえ
|
| Get other privileges |
いいえ
|
| User operation required |
いいえ
|
Affected software configurations
| Configuration1 |
or higher |
or less |
more than |
less than |
| cpe:2.3:o:hoermann:hs5-868-bs_firmware:-:*:*:*:*:*:*:* |
|
|
|
|
| execution environment |
| 1 |
cpe:2.3:h:hoermann:hs5-868-bs:-:*:*:*:*:*:*:* |
| Configuration2 |
or higher |
or less |
more than |
less than |
| cpe:2.3:o:hoermann:hse2-868-bs_firmware:-:*:*:*:*:*:*:* |
|
|
|
|
| execution environment |
| 1 |
cpe:2.3:h:hoermann:hse2-868-bs:-:*:*:*:*:*:*:* |
| Configuration3 |
or higher |
or less |
more than |
less than |
| cpe:2.3:o:hoermann:hse1-868-bs_firmware:-:*:*:*:*:*:*:* |
|
|
|
|
| execution environment |
| 1 |
cpe:2.3:h:hoermann:hse1-868-bs:-:*:*:*:*:*:*:* |
Related information, measures and tools
Common Vulnerabilities List
JVN Vulnerability Information
Hoermann BiSecur デバイスにおける暗号に関する脆弱性
| Title |
Hoermann BiSecur デバイスにおける暗号に関する脆弱性
|
| Summary |
Hoermann BiSecur デバイスには、暗号に関する脆弱性が存在します。
|
| Possible impacts |
サービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution |
ベンダ情報および参考情報を参照して適切な対策を実施してください。 |
| Publication Date |
Dec. 28, 2017, midnight |
| Registration Date |
Jan. 29, 2018, 5:12 p.m. |
| Last Update |
Jan. 29, 2018, 5:12 p.m. |
Affected System
| Hoermann |
|
HS5-868-BS ファームウェア
|
|
HSE1-868-BS ファームウェア
|
|
HSE2-868-BS ファームウェア
|
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
その他
Change Log
| No |
Changed Details |
Date of change |
| 0 |
[2018年01月29日]
掲載 |
Feb. 17, 2018, 10:37 a.m. |