CVE-2021-38394

An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware key. The hardware key allows access to special settings when inserted.
References
Link Resource
https://us-cert.cisa.gov/ics/advisories/icsma-21-273-01 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:bostonscientific:zoom_latitude_pogrammer\/recorder\/monitor_3120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bostonscientific:zoom_latitude_pogrammer\/recorder\/monitor_3120:-:*:*:*:*:*:*:*

Information

Published : 2021-10-04 11:15

Updated : 2021-10-13 12:48


NVD link : CVE-2021-38394

Mitre link : CVE-2021-38394


JSON object : View

CWE
CWE-1278

Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques

Products Affected

bostonscientific

  • zoom_latitude_pogrammer\/recorder\/monitor_3120
  • zoom_latitude_pogrammer\/recorder\/monitor_3120_firmware