Idemia Sigma Wide Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Idemia Sigma Wide Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2021-35522 — CVSS 9.8 (critical): A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4…
CVE-2023-33218 — CVSS 9.1 (critical): The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. This could potentially lead to…
CVE-2023-33219 — CVSS 9.1 (critical): The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations. This…
CVE-2023-33220 — CVSS 9.1 (critical): During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. This…
CVE-2023-4667 — CVSS 8.1 (high): The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The stored…
CVE-2023-33217 — CVSS 7.5 (high): By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of service…
CVE-2023-33221 — CVSS 6.8 (medium): When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data…
CVE-2023-33222 — CVSS 6.8 (medium): When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary…