ID

VAR-201911-1284


CVE

CVE-2019-14360


TITLE

Hyundai Pay Kasse HK-1000 Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-39760 // CNNVD: CNNVD-201911-044

DESCRIPTION

On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. The vulnerability originates from network system or product configuration errors during operation. Unauthorized attackers can use the vulnerability to obtain sensitive information about affected components.

Trust: 2.16

sources: NVD: CVE-2019-14360 // JVNDB: JVNDB-2019-011617 // CNVD: CNVD-2019-39760

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-39760

AFFECTED PRODUCTS

vendor: hyundai pay | model: hk-1000 | scope: eq | version: -

Trust: 1.6

vendor: hyundai motor america | model: kasse hk-1000 | scope: - | version: -

Trust: 0.8

vendor: kasse | model: hyundai pay kasse hk-1000 | scope: - | version: -

Trust: 0.6

sources: CNVD: CNVD-2019-39760 // JVNDB: JVNDB-2019-011617 // CNNVD: CNNVD-201911-044 // NVD: CVE-2019-14360

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14360
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-14360
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-39760
value: LOW

Trust: 0.6

CNNVD: CNNVD-201911-044
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-14360
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-39760
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-14360
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-14360
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-39760 // JVNDB: JVNDB-2019-011617 // CNNVD: CNNVD-201911-044 // NVD: CVE-2019-14360

PROBLEMTYPE DATA

problemtype:CWE-203

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2019-011617 // NVD: CVE-2019-14360

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201911-044

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011617

PATCH

title: Top Page | url: https://www.hyundaiusa.com/

Trust: 0.8

sources: JVNDB: JVNDB-2019-011617

EXTERNAL IDS

db: NVD | id: CVE-2019-14360

Trust: 3.0

db: JVNDB | id: JVNDB-2019-011617

Trust: 0.8

db: CNVD | id: CNVD-2019-39760

Trust: 0.6

db: CNNVD | id: CNNVD-201911-044

Trust: 0.6

sources: CNVD: CNVD-2019-39760 // JVNDB: JVNDB-2019-011617 // CNNVD: CNNVD-201911-044 // NVD: CVE-2019-14360

REFERENCES

url:https://blog.inhq.net/posts/oled-side-channel-status-summary/

Trust: 3.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-14360

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14360

Trust: 0.8

sources: CNVD: CNVD-2019-39760 // JVNDB: JVNDB-2019-011617 // CNNVD: CNNVD-201911-044 // NVD: CVE-2019-14360

SOURCES

db: CNVD | id: CNVD-2019-39760
db: JVNDB | id: JVNDB-2019-011617
db: CNNVD | id: CNNVD-201911-044
db: NVD | id: CVE-2019-14360

LAST UPDATE DATE

2024-11-23T21:51:50.212000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2019-39760 | date: 2019-11-08T00:00:00
db: JVNDB | id: JVNDB-2019-011617 | date: 2019-11-14T00:00:00
db: CNNVD | id: CNNVD-201911-044 | date: 2019-11-08T00:00:00
db: NVD | id: CVE-2019-14360 | date: 2024-11-21T04:26:35.410

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2019-39760 | date: 2019-11-08T00:00:00
db: JVNDB | id: JVNDB-2019-011617 | date: 2019-11-14T00:00:00
db: CNNVD | id: CNNVD-201911-044 | date: 2019-11-02T00:00:00
db: NVD | id: CVE-2019-14360 | date: 2019-11-02T17:15:10.820