CVE-2023-37220 - Vulnerability Details

- Synel Terminals - CWE-494: Download of Code Without Integrity Check

Description

Synel Terminals - CWE-494: Download of Code Without Integrity Check

Published: 2023-09-03

Score: 7.2 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Synel

Terminals

unaffected

Version	Status	Constraints
`All versions`	affected	< Upgrade to version 3015.1

Configuration 1 [-]

AND

cpe:2.3:o:synel:synergy\/a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:synergy\/a:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:synel:synergy_touch_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:synergy_touch:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:synel:synergy_10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:synergy_10:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:synel:synergy_5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:synergy_5:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:synel:sy-910_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:sy-910:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:synel:synergy\/x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:synergy\/x:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:synel:sy110_face_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:sy110_face:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:synel:bioentry-w2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:bioentry-w2:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:synel:biolite-n2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:biolite-n2:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:synel:bioentry_p2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:bioentry_p2:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:synel:sy-711_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:sy-711:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:synel:sy-715_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:sy-715:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:synel:sy-751_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:sy-751:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:synel:sy-755_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:sy-755:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:synel:sy-777_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:sy-777:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:synel:sy-785_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:sy-785:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:synel:sy-765_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:sy-765:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:synel:sy-7500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:sy-7500:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:synel:sy-745_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:sy-745:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:synel:sy-780_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:sy-780:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:synel:synergy_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:synel:synergy:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

Vendor Solution

Upgrade to version 3015.1

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-41140	Synel Terminals - CWE-494: Download of Code Without Integrity Check

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00048.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://www.gov.il/en/Departments/faq/cve_advisories

History

Tue, 01 Oct 2024 13:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Synel terminals
CPEs		cpe:2.3:a:synel:terminals::::::::
Vendors & Products		Synel terminals
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Subscriptions

Synel Bioentry-w2 Bioentry-w2 Firmware Bioentry P2 Bioentry P2 Firmware Biolite-n2 Biolite-n2 Firmware Sy-711 Sy-711 Firmware Sy-715 Sy-715 Firmware Sy-745 Sy-745 Firmware Sy-7500 Sy-7500 Firmware Sy-751 Sy-751 Firmware Sy-755 Sy-755 Firmware Sy-765 Sy-765 Firmware Sy-777 Sy-777 Firmware Sy-780 Sy-780 Firmware Sy-785 Sy-785 Firmware Sy-910 Sy-910 Firmware Sy110 Face Sy110 Face Firmware Synergy Synergy\/a Synergy\/a Firmware Synergy\/x Synergy\/x Firmware Synergy 10 Synergy 10 Firmware Synergy 5 Synergy 5 Firmware Synergy Firmware Synergy Touch Synergy Touch Firmware Terminals

MITRE

Status: PUBLISHED

Assigner: INCD

Published: 2023-09-03T13:47:05.388Z

Updated: 2024-10-01T13:07:25.275Z

Reserved: 2023-06-28T20:35:37.792Z

Link: CVE-2023-37220

Vulnrichment

Updated: 2024-08-02T17:09:34.169Z

NVD

Status : Modified

Published: 2023-09-03T14:15:41.587

Modified: 2024-11-21T08:11:13.943

Link: CVE-2023-37220

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-494

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object