{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T08:28:00.005","vulnerabilities":[{"cve":{"id":"CVE-2023-33222","sourceIdentifier":"a87f365f-9d39-4848-9b3a-58c7cae69cab","published":"2023-12-15T12:15:44.130","lastModified":"2024-11-21T08:05:10.250","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"When handling contactless cards, a specific function used to get additional information from the card does not check the boundary of the data received while reading. This allows a stack-based buffer overflow that could lead to potential remote code execution on the targeted device."},{"lang":"es","value":"Al manejar tarjetas sin contacto, se utiliza una función específica para obtener información adicional de la tarjeta que no verifica el límite de los datos recibidos durante la lectura. Esto permite un desbordamiento de búfer en la región stack de la memoria que podría provocar una posible ejecución remota de código en el dispositivo de 
destino."}],"metrics":{"cvssMetricV31":[{"source":"a87f365f-9d39-4848-9b3a-58c7cae69cab","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"a87f365f-9d39-4848-9b3a-58c7cae69cab","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:idemia:sigma_lite_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"4.15.5","matchCriteriaId":"983A7DAD-1995-4A8A-8714-D47D4E90ABF2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:idemia:sigma_lite:-:*:*:*:*:*:*:*","matchCriteriaId":"E2F8847F-E51A-4A64-A2D4-FCDD193E7AFA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:idemia:sigma_lite\\+_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"4.15.5","matchCriteriaId":"A2582E12-D19F-4660-A98C-6941C8C9081D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:idemia:sigma_lite\\+:-:*:*:*:*:*:*:*","matchCriteriaId":"2BB49653-25EA-4
F69-A1B7-0ACA58F85FF1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:idemia:sigma_extreme_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"4.15.5","matchCriteriaId":"865DE0C9-5384-45BD-AF81-5C416FCB962A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:idemia:sigma_extreme:-:*:*:*:*:*:*:*","matchCriteriaId":"4FB05B6D-7D4C-4148-A05A-751B272B0E25"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:idemia:sigma_wide_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"4.15.5","matchCriteriaId":"8E2D74C2-6C83-4111-B410-E81C7414309B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:idemia:sigma_wide:-:*:*:*:*:*:*:*","matchCriteriaId":"BE86F813-6021-4FEB-86A9-B7013EEB4416"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:idemia:morphowave_compact_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.12.2","matchCriteriaId":"8BDA2ED3-4875-45EB-8489-8C6B8F44EF2A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:idemia:morphowave_compact:-:*:*:*:*:*:*:*","matchCriteriaId":"B36E662E-C713-47E5-B07E-F0D9F1C63E9D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:idemia:morphowave_xp_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.12.2","matchCriteriaId":"AEAD097B-E5A8-492F-9ABB-75D5D15A8F9F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:idemia:morphowave_xp:-:*:*:*:*:*:*:*","matchCriteriaId":"2FA7252B-5871-4A13-B41D-752A5EA276F1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:idemia:visionpass_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.12.2","matchCriteriaId":"1ED8DCF7-F85C-4513
-BF69-5FE2D7185A96"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:idemia:visionpass:-:*:*:*:*:*:*:*","matchCriteriaId":"CDABE653-294E-478C-B458-F9A1206A0E7E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:idemia:morphowave_sp_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.7","matchCriteriaId":"BF554F0F-8E5D-40A2-A676-8984AB685CEE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:idemia:morphowave_sp:-:*:*:*:*:*:*:*","matchCriteriaId":"AFD369B0-119B-497B-9353-AB5E5E267FF9"}]}]}],"references":[{"url":"https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf","source":"a87f365f-9d39-4848-9b3a-58c7cae69cab","tags":["Vendor Advisory"]},{"url":"https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}