Skip to main content

Sigma Lite Firmware

7 CVEs product

Monthly

CVE-2023-33222 CRITICAL Act Now

When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Sigma Lite Firmware Sigma Extreme Firmware +5
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-33221 CRITICAL Act Now

When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data received. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Sigma Lite Firmware Sigma Extreme Firmware Sigma Wide Firmware +4
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-33220 CRITICAL Act Now

During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Sigma Lite Firmware Sigma Extreme Firmware +5
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-33219 CRITICAL Act Now

The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Sigma Lite Firmware Sigma Extreme Firmware +5
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-33218 CRITICAL Act Now

The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Sigma Lite Firmware Sigma Extreme Firmware +5
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-33217 HIGH This Week

By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of service for the terminal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sigma Lite Firmware Sigma Extreme Firmware Sigma Wide Firmware Morphowave Compact Firmware +3
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-35522 CRITICAL PATCH Act Now

A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Information Disclosure Morphowave Compact Mdpi Firmware +9
NVD
CVSS 3.1
9.8
EPSS
3.7%
EPSS 1% CVSS 9.8
CRITICAL Act Now

When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE +7
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data received. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Sigma Lite Firmware +6
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE +7
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE +7
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE +7
NVD
EPSS 1% CVSS 7.5
HIGH This Week

By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of service for the terminal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sigma Lite Firmware Sigma Extreme Firmware +5
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption +11
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy