29 matches found
CVE-2019-7589
A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls' Kantech EntraPass Corporate Edition versions 8.0 and...
EUVD-2019-17127
Malware in sbrugna...
EUVD-2020-29875
Malware in sbrugna...
EUVD-2023-12329
Malicious code in bioql PyPI...
CVE-2020-9046
A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files...
CVE-2024-32754 Johnson Controls Kantech KT1, KT2, and KT400 Door Controllers - Exposure of Sensitive Information
Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information...
Johnson Controls Kantech KT1, KT2, KT400 Security Vulnerability
The Johnson Controls Kantech KT1 is an Ethernet-enabled single-door controller. The Johnson Controls Kantech KT2 is an Ethernet-enabled two-door controller. The Johnson Controls Kantech KT400 is an Ethernet-enabled four-door controller. The Johnson Controls Kantech KT400 is an Ethernet-enabled...
Johnson Controls Kantech Door Controllers
1. EXECUTIVE SUMMARY CVSS v3 3.1 ATTENTION: Exploitable via adjacent network Vendor: Johnson Controls, Inc. Equipment: Kantech KT1, KT2, KT400 Door Controllers Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of...
CVE-2023-0248
An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader...
CVE-2023-0248 Kantech Gen1 ioSmart card reader
An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader...
CVE-2023-0248
CVE-2023-0248 affects Kantech Gen1 ioSmart card reader firmware versions prior to 1.7.02. The vulnerability allows an attacker with physical access to recover the reader’s communication memory between the card and reader in certain circumstances. Reported CVSS v3.1 base scores include a 7.5 HIGH ...
PT-2023-16111 · Kantech · Kantech Gen1 Iosmart Card Reader
Name of the Vulnerable Software and Affected Versions: Kantech Gen1 ioSmart card reader versions prior to 1.07.02 Description: An attacker with physical access to the Kantech Gen1 ioSmart card reader in certain circumstances can recover the reader's communication memory between the card and reade...
Johnson Controls Kantech EntraPass Security Vulnerability
Johnson Controls Kantech EntraPass is a menu-driven security management system from Johnson Controls, Inc. A security vulnerability exists in Johnson Controls Kantech EntraPass, which stems from the fact that, under certain circumstances, an attacker with physical access to the reader could recov...
Johnson Controls Kantech EntraPass Access Control Error Vulnerability
Johnson Controls Kantech EntraPass is a menu-driven security management system from Johnson Controls, Inc. An access control error vulnerability exists in Johnson Controls Kantech EntraPass Professional, Enterprise, and Global versions 8.22 and earlier. The vulnerability can be exploited to gain...
CVE-2020-9046
A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files...
Design/Logic Flaw
A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files...