GCVE - cpe:2.3:o:idemia:visionpass_firmware:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:idemia:visionpass_firmware:*:*:*:*:*:*:*:*

part: o version: * update: *

Vendor	Idemia (`b38ec3ed-ed92-597c-8630-014f9bdb208a`)
Product	Visionpass Firmware (`910f93cf-8abf-5e69-9032-1a5bf600c79f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-4667`	vulnerable	2026-06-03 14:53:29.271354	Stored Cross Site Scripting in webserver administration HIGH (8.1) The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The stored malicious script is then executed when the GUI is opened by any users of the webserver administration interface. The root cause of the vulnerability is inadequate input validation and output encoding in the web administration interface component of the firmware. This could lead to unauthorized access and data leakage Published: 2023-11-28T08:09:10.450Z Updated: 2024-10-17T16:26:43.231Z Open on db.gcve.eu Reference links https://www.idemia.com/vulnerability-information	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-33222`	vulnerable	2026-06-03 14:52:13.211239	Stack buffer overflow when reading DESFire card MEDIUM (6.8) When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device Published: 2023-12-15T11:33:17.760Z Updated: 2024-08-02T15:39:35.827Z Open on db.gcve.eu Reference links https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-33221`	vulnerable	2026-06-03 14:52:13.210326	Heap Buffer Overflow when reading DESFire card MEDIUM (6.8) When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data received. This allows a heap based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. This is especially problematic if you use Default DESFire key. Published: 2023-12-15T11:32:48.427Z Updated: 2024-08-02T15:39:35.729Z Open on db.gcve.eu Reference links https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-33220`	vulnerable	2026-06-03 14:52:13.209350	Stack Buffer Overflow when checking some attributes during retrofit CRITICAL (9.1) During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device Published: 2023-12-15T11:32:14.742Z Updated: 2024-08-02T15:39:35.750Z Open on db.gcve.eu Reference links https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-33219`	vulnerable	2026-06-03 14:52:13.208315	Stack Buffer Overflow when checking retrofit package CRITICAL (9.1) The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device Published: 2023-12-15T11:31:45.798Z Updated: 2024-08-02T15:39:35.844Z Open on db.gcve.eu Reference links https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-33218`	vulnerable	2026-06-03 14:52:13.207470	Stack Buffer Overflow in a binary run at upgrade startup CRITICAL (9.1) The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. This could potentially lead to a Remote Code execution on the targeted device. Published: 2023-12-15T11:31:27.575Z Updated: 2024-08-02T15:39:35.856Z Open on db.gcve.eu Reference links https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-33217`	vulnerable	2026-06-03 14:52:13.203871	Missing integrity check on upgrade package HIGH (7.5) By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer Published: 2023-12-15T10:45:30.637Z Updated: 2024-08-02T15:39:35.734Z Open on db.gcve.eu Reference links https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.