Lucene search

MitreCVE-2022-45914

HistoryNov 27, 2022 - 1:15 a.m.

CVE-2022-45914

2022-11-2701:15:10

CWE-294

mitre

web.nvd.nist.gov

cve-2022-45914

esl protocol

electronic shelf label

ov80e934802 rf transceiver

433 mhz rf signals

authentication

security vulnerability

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

34.0%

JSON

The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstrated by disrupting the organization of a hospital storage unit, or changing retail pricing.

Affected configurations

Nvd

Node

electronic_shelf_label_protocol_projectelectronic_shelf_label_protocolMatch-

VendorProductVersionCPE
electronic_shelf_label_protocol_projectelectronic_shelf_label_protocol-cpe:2.3:a:electronic_shelf_label_protocol_project:electronic_shelf_label_protocol:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
electronic_shelf_label_protocol_project	electronic_shelf_label_protocol	-	cpe:2.3:a:electronic_shelf_label_protocol_project:electronic_shelf_label_protocol:-:::::::*

References

packetstormsecurity.com/files/170177/Zhuhai-Suny-Technology-ESL-Tag-Forgery-Replay-Attacks.html

seclists.org/fulldisclosure/2022/Dec/6

www.youtube.com/watch?v=FQRMNjZVlHg

Social References

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

34.0%

JSON

Related for CVE-2022-45914