CVE-2022-31481

06.06.2022, 17:15

An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The overflowed data can allow the attacker to manipulate the normal code execution to that of their choosing. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable.

Classic Buffer Overflow

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	10 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Carrier	CNA	10 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 75%

Vendor	Product	Version
hidglobal	lp1501_firmware	𝑥 < 1.302
hidglobal	lp1502_firmware	𝑥 < 1.302
hidglobal	lp2500_firmware	𝑥 < 1.302
hidglobal	lp4502_firmware	𝑥 < 1.302
hidglobal	ep4502_firmware	𝑥 < 1.296
carrier	lenels2_lnl-4420_firmware	𝑥 < 1.296
carrier	lenels2_lnl-x2210_firmware	𝑥 < 1.302
carrier	lenels2_lnl-x2220_firmware	𝑥 < 1.302
carrier	lenels2_lnl-x3300_firmware	𝑥 < 1.302
carrier	lenels2_lnl-x4420_firmware	𝑥 < 1.302
carrier	lenels2_s2-lp-1501_firmware	𝑥 < 1.302
carrier	lenels2_s2-lp-1502_firmware	𝑥 < 1.302
carrier	lenels2_s2-lp-2500_firmware	𝑥 < 1.302
carrier	lenels2_s2-lp-4502_firmware	𝑥 < 1.302

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

https://www.corporate.carrier.com/product-security/advisories-resources/