{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T23:49:09.756","vulnerabilities":[{"cve":{"id":"CVE-2017-17910","sourceIdentifier":"cve@mitre.org","published":"2017-12-29T19:29:00.263","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur transmitter and a receiver to obtain the encrypted packet and the 32-bit serial number. The interception of the one-time pairing process is specifically not required. Due to use of AES-128 with an initial static random value and static data vector (all of this static information is the same across different customers' installations), the attacker can easily derive the utilized encryption key and decrypt the intercepted packet. The key can be verified by decrypting the intercepted packet and checking for known plaintext. Subsequently, an attacker can create arbitrary radio frames with the correct encryption key to control BiSecur garage and entrance gate operators and possibly other BiSecur systems as well (\"wireless cloning\"). To conduct the attack, a low cost Software Defined Radio (SDR) is sufficient. This affects Hoermann Hand Transmitter HS5-868-BS, HSE1-868-BS, and HSE2-868-BS devices."},{"lang":"es","value":"En dispositivos Hoermann BiSecur anteriores a 2018, se puede explotar una vulnerabilidad grabando una única transmisión de radio. Un atacante puede interceptar una trama de radio arbitrario intercambiado entre un transmisor BiSecur y un recibidor para obtener el paquete cifrado y el número de serie de 32 bits. No se requiere específicamente que se intercepte el proceso de emparejamiento por única vez. Debido al uso de AES-128 con un valor inicial estático aleatorio y un vector de datos estático (toda esta información estática es la misma en las instalaciones de diferentes clientes), el atacante puede derivar fácilmente la clave de cifrado empleada y descifrar el paquete interceptado. La clave puede ser verificada mediante el descifrado del paquete interceptado y buscando texto plano conocido. Posteriormente, un atacante puede crear tramas de radio arbitrarios con la clave de cifrado correcta para controlar los operadores de garaje y puerta de entrada de BiSecur y, posiblemente, también otros sistemas BiSecur (\"clonado inalámbrico\"). Para llevar a cabo el ataque, es suficiente con un SDR (Software Defined Radio) de bajo coste. Esto afecta a los dispositivos Hoermann Hand Transmitter HS5-868-BS, HSE1-868-BS y HSE2-868-BS."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:N/I:N/A:P","baseScore":3.3,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":6.5,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-330"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hoermann:hs5-868-bs_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9CE0922C-0F62-48C9-8734-DE25CACD3FAF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hoermann:hs5-868-bs:-:*:*:*:*:*:*:*","matchCriteriaId":"59215ABD-F0FE-4237-9513-DB3F44AAAA89"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hoermann:hse2-868-bs_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"91B4FA76-297B-43A6-AC1B-9DFFFD8BF216"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hoermann:hse2-868-bs:-:*:*:*:*:*:*:*","matchCriteriaId":"B366C77A-2C10-44BF-BD30-9A2BE88207B4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hoermann:hse1-868-bs_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2CD07F87-C943-496F-B404-1A5F399CBC4B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hoermann:hse1-868-bs:-:*:*:*:*:*:*:*","matchCriteriaId":"C930EACE-548B-418B-B638-571F28E53E38"}]}]}],"references":[{"url":"https://docs.wixstatic.com/ugd/28ba71_6ecc3158975a484d827e935edda4fa17.pdf","source":"cve@mitre.org","tags":["Technical Description","Third Party Advisory"]},{"url":"https://www.trustworks.at/publications","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://docs.wixstatic.com/ugd/28ba71_6ecc3158975a484d827e935edda4fa17.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory"]},{"url":"https://www.trustworks.at/publications","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}