CVE-2023-47030

EUVD-2023-51186 | CRITICAL | 2025-06-23
CVSS 3.1: 9.8

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

EUVD ID Assigned: Mar 15, 2026 - 22:10 (euvd), EUVD-2023-51186
Analysis Generated: Mar 15, 2026 - 22:10 (vuln.today)
CVE Published: Jun 23, 2025 - 20:15 (nvd), CRITICAL 9.8

Description

An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists.

Analysis

CVE-2023-47030 is a critical remote code execution vulnerability in NCR Terminal Handler v1.5.1 that allows unauthenticated attackers to execute arbitrary code and access sensitive information through improper input validation in the UserService SOAP API endpoint. The vulnerability affects point-of-sale and terminal systems used in retail and hospitality environments, enabling complete system compromise without authentication or user interaction.

Technical Context

The vulnerability exists in NCR Terminal Handler's UserService SOAP API endpoint, which implements user existence validation via GET requests without proper input sanitization. The root cause is CWE-94 (Code Injection), indicating that user-supplied input from the GET request is directly interpreted as code without validation or encoding. SOAP (Simple Object Access Protocol) endpoints are common attack surfaces when they accept untrusted input for object manipulation. The vulnerable endpoint fails to properly sanitize parameters passed during user validation checks, allowing attackers to inject malicious code that executes within the terminal handler's security context. This is exacerbated by the SOAP framework's reliance on serialization/deserialization of complex objects, which can be exploited to instantiate arbitrary classes or execute functions.

Affected Products

Terminal Handler 1.5.1

Priority Score

50
KEV: 0
EPSS: +0.8
CVSS: +49
POC: 0
