ICSA-23-348-02
Published 2023-12-14
Johnson Controls Kantech Gen1 ioSmart
CVSS 7.5 (HIGH)
Risk Summary
An attacker with physical access to the Kantech Gen1 ioSmart card reader can, in certain circumstances, recover the reader's communication memory between the card and reader.
CVEs (1)
Remediations
- Johnson Controls recommends users update their Kantech Gen1 ioSmart card reader firmware to version 1.7.2 or higher.
- Johnson Controls also makes the following recommendations and wishes to provide the following information:
  - Contact technical support for additional information.
  - ioSmart Gen2 card readers are not affected by this vulnerability.
  - Users should contact their local sales representative for ordering information.
- For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2023-03 v1. Further ICS security notices and product security guidelines can also be found at this website.
Affected Vendors
Sensormatic Electronics, LLC, an affiliate of Johnson Controls Inc.
Affected Products (1)
- Sensormatic Electronics, LLC, an affiliate of Johnson Controls Inc.: Kantech Gen1 ioSmart card reader firmware, versions <1.7.2
Affected Sectors
Critical Manufacturing