
    16 vulnerabilities by sciener

    CVE-2023-7005 (GCVE-0-2023-7005)

    Vulnerability from nvd – Published: 2024-12-19 17:35 – Updated: 2025-11-04 18:22
    Title
    CVE-2023-7005
    Summary
    A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Sciener TTLock App Affected: 6.4.5 , ≤ 6.4.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-20T17:42:17.781968Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-20T17:47:11.828Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:07.890Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TTLock App",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.4.5",
                  "status": "affected",
                  "version": "6.4.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-757: Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-19T17:35:45.594Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-7005",
          "x_generator": {
            "engine": "VINCE 3.0.11",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7005"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-7005",
        "datePublished": "2024-12-19T17:35:45.594Z",
        "dateReserved": "2023-12-20T14:58:39.182Z",
        "dateUpdated": "2025-11-04T18:22:07.890Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-7017 (GCVE-0-2023-7017)

    Vulnerability from nvd – Published: 2024-03-15 17:07 – Updated: 2025-11-04 18:22
    Title
    CVE-2023-7017
    Summary
    Sciener locks' firmware update mechanism does not authenticate or validate firmware updates if they are passed to the lock through the Bluetooth Low Energy service. A challenge request can be sent to the lock with a command to prepare for an update, rather than an unlock request, allowing an attacker to compromise the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Sciener Kontrol Lux Affected: 6.5.x , ≤ 6.5.07 (custom)
    sciener kontrol_lux_firmware Affected: 6.5.x , ≤ 6.5.07 (custom)
        cpe:2.3:o:sciener:kontrol_lux_firmware:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:12.788Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:sciener:kontrol_lux_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "kontrol_lux_firmware",
                "vendor": "sciener",
                "versions": [
                  {
                    "lessThanOrEqual": "6.5.07",
                    "status": "affected",
                    "version": "6.5.x",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7017",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-15T19:25:24.356996Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-28T16:26:36.957Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kontrol Lux",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.07",
                  "status": "affected",
                  "version": "6.5.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sciener locks\u0027 firmware update mechanism do not authenticate or validate firmware updates if passed to the lock through the Bluetooth Low Energy service. A challenge request can be sent to the lock with a command to prepare for an update, rather than an unlock request, allowing an attacker to compromise the device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-494 Download of Code Without Integrity Check",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-15T17:07:28.081Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-7017",
          "x_generator": {
            "engine": "VINCE 2.1.11",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7017"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-7017",
        "datePublished": "2024-03-15T17:07:28.081Z",
        "dateReserved": "2023-12-20T15:50:30.248Z",
        "dateUpdated": "2025-11-04T18:22:12.788Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-7009 (GCVE-0-2023-7009)

    Vulnerability from nvd – Published: 2024-03-15 17:07 – Updated: 2025-11-04 18:22
    Title
    CVE-2023-7009
    Summary
    Some Sciener-based locks support plaintext message processing over Bluetooth Low Energy, allowing unencrypted malicious commands to be passed to the lock. These malicious commands, less than 16 bytes in length, will be processed by the lock as if they were encrypted communications. This can be further exploited by an attacker to compromise the lock's integrity.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Sciener Kontrol Lux Affected: 6.5.x , ≤ 6.5.07 (custom)
    sciener kontrol_lux_firmware Affected: 6.5 , ≤ 6.5.07 (custom)
        cpe:2.3:a:sciener:kontrol_lux_firmware:6.5:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sciener:kontrol_lux_firmware:6.5:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "kontrol_lux_firmware",
                "vendor": "sciener",
                "versions": [
                  {
                    "lessThanOrEqual": "6.5.07",
                    "status": "affected",
                    "version": "6.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7009",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-26T15:09:45.609770Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-26T15:11:10.151Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:11.492Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kontrol Lux",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.07",
                  "status": "affected",
                  "version": "6.5.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Some Sciener-based locks support plaintext message processing over Bluetooth Low Energy, allowing unencrypted malicious commands to be passed to the lock. These malicious commands, less then 16 bytes in length, will be processed by the lock as if they were encrypted communications. This can be further exploited by an attacker to compromise the lock\u0027s integrity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-311 Missing Encryption of Sensitive Data",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-15T17:07:48.318Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-7009",
          "x_generator": {
            "engine": "VINCE 2.1.11",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7009"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-7009",
        "datePublished": "2024-03-15T17:07:48.318Z",
        "dateReserved": "2023-12-20T15:34:13.342Z",
        "dateUpdated": "2025-11-04T18:22:11.492Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-7007 (GCVE-0-2023-7007)

    Vulnerability from nvd – Published: 2024-03-15 17:08 – Updated: 2025-11-04 18:22
    Title
    CVE-2023-7007
    Summary
    Sciener server does not validate connection requests from the GatewayG2, allowing an impersonation attack that provides the attacker with the unlockKey field.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Sciener Gateway G2 Affected: 6.0.0 , ≤ 6.0.0 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7007",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-18T16:16:50.033419Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-26T20:45:35.117Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:10.299Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Gateway G2",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.0",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sciener server does not validate connection requests from the GatewayG2, allowing an impersonation attack that provides the attacker the unlockKey field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-290 Authentication Bypass by Spoofing",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-15T17:08:58.433Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-7007",
          "x_generator": {
            "engine": "VINCE 2.1.11",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7007"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-7007",
        "datePublished": "2024-03-15T17:08:58.433Z",
        "dateReserved": "2023-12-20T15:10:21.189Z",
        "dateUpdated": "2025-11-04T18:22:10.299Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-7006 (GCVE-0-2023-7006)

    Vulnerability from nvd – Published: 2024-03-15 17:08 – Updated: 2025-11-04 18:22
    Title
    CVE-2023-7006
    Summary
    The unlockKey character in a lock using Sciener firmware can be brute forced through repeated challenge requests, compromising the lock's integrity.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-799 - Improper Control of Interaction Frequency
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    Impacted products
    Vendor Product Version
    Sciener Kontrol Lux Affected: 6.4.5 , ≤ 6.4.5 (custom)
    sciener kontrol_lux_firmware Affected: 6.4.5
        cpe:2.3:o:sciener:kontrol_lux_firmware:6.4.5:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:09.047Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:sciener:kontrol_lux_firmware:6.4.5:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "kontrol_lux_firmware",
                "vendor": "sciener",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.4.5"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7006",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-02T20:21:20.081326Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:23:32.609Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kontrol Lux",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.4.5",
                  "status": "affected",
                  "version": "6.4.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The unlockKey character in a lock using Sciener firmware can be brute forced through repeated challenge requests, compromising the locks integrity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-799: Improper Control of Interaction Frequency",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-15T17:08:34.433Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-7006",
          "x_generator": {
            "engine": "VINCE 2.1.11",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7006"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-7006",
        "datePublished": "2024-03-15T17:08:34.433Z",
        "dateReserved": "2023-12-20T14:58:53.216Z",
        "dateUpdated": "2025-11-04T18:22:09.047Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-7004 (GCVE-0-2023-7004)

    Vulnerability from nvd – Published: 2024-03-15 17:08 – Updated: 2025-11-04 18:22
    Title
    CVE-2023-7004
    Summary
    The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing a connection to a device that spoofs the MAC address of a lock, which compromises the legitimate lock's integrity.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Sciener TTLock App Affected: 6.4.5 , ≤ 6.4.5 (custom)
    sciener ttlock_app Affected: 6.4.5
        cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:06.692Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ttlock_app",
                "vendor": "sciener",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.4.5"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7004",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-18T18:47:46.273560Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-940",
                    "description": "CWE-940 Improper Verification of Source of a Communication Channel",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-26T16:11:15.238Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TTLock App",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.4.5",
                  "status": "affected",
                  "version": "6.4.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate lock's integrity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-15T17:08:11.547Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-7004",
          "x_generator": {
            "engine": "VINCE 2.1.11",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7004"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-7004",
        "datePublished": "2024-03-15T17:08:11.547Z",
        "dateReserved": "2023-12-20T14:56:26.682Z",
        "dateUpdated": "2025-11-04T18:22:06.692Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-7003 (GCVE-0-2023-7003)

    Vulnerability from nvd – Published: 2024-03-15 17:09 – Updated: 2025-11-04 18:22
    VLAI
    Title
    CVE-2023-7003
    Summary
    The AES key utilized in the pairing process between a lock using Sciener firmware and a wireless keypad is not unique, and can be reused to compromise other locks using the Sciener firmware.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-323 - Reusing a Nonce, Key Pair in Encryption
    Assigner
    Impacted products
    Vendor Product Version
    Sciener Kontrol Lux Affected: 6.5.x , ≤ 6.5.07 (custom)
    sciener ttlock_app Affected: 6.5.0 , ≤ 6.5.07 (custom)
        cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:05.474Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ttlock_app",
                "vendor": "sciener",
                "versions": [
                  {
                    "lessThanOrEqual": "6.5.07",
                    "status": "affected",
                    "version": "6.5.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7003",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-19T15:26:50.526350Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-21T23:18:09.379Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kontrol Lux",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.07",
                  "status": "affected",
                  "version": "6.5.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The AES key utilized in the pairing process between a lock using Sciener firmware and a wireless keypad is not unique, and can be reused to compromise other locks using the Sciener firmware."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-323",
                  "description": "CWE-323 Reusing a Nonce, Key Pair in Encryption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-24T14:42:55.921Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-7003",
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-7003",
        "datePublished": "2024-03-15T17:09:14.442Z",
        "dateReserved": "2023-12-20T14:56:09.534Z",
        "dateUpdated": "2025-11-04T18:22:05.474Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6960 (GCVE-0-2023-6960)

    Vulnerability from nvd – Published: 2024-03-15 17:09 – Updated: 2025-11-04 18:22
    VLAI
    Title
    CVE-2023-6960
    Summary
    TTLock App virtual keys and settings are only deleted client side; if preserved, they can still be used to access the lock after their intended deletion.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-324 - Use of a Key Past its Expiration Date
    • CWE-603 - Use of Client-Side Authentication
    Assigner
    Impacted products
    Vendor Product Version
    Sciener TTLock App Affected: 6.4.5 , ≤ 6.4.5 (custom)
    sciener ttlock_app Affected: 0 , ≤ 6.4.5 (custom)
        cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ttlock_app",
                "vendor": "sciener",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6960",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-18T14:03:29.310178Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T20:27:57.800Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:04.237Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TTLock App",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.4.5",
                  "status": "affected",
                  "version": "6.4.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TTLock App virtual keys and settings are only deleted client side; if preserved, they can still be used to access the lock after their intended deletion."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-324: Use of a Key Past its Expiration Date",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-603: Use of Client-Side Authentication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-15T17:09:26.926Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-6960",
          "x_generator": {
            "engine": "VINCE 2.1.11",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-6960"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-6960",
        "datePublished": "2024-03-15T17:09:26.926Z",
        "dateReserved": "2023-12-19T19:28:41.442Z",
        "dateUpdated": "2025-11-04T18:22:04.237Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-7005 (GCVE-0-2023-7005)

    Vulnerability from cvelistv5 – Published: 2024-12-19 17:35 – Updated: 2025-11-04 18:22
    VLAI
    Title
    CVE-2023-7005
    Summary
    A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Sciener TTLock App Affected: 6.4.5 , ≤ 6.4.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-20T17:42:17.781968Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-20T17:47:11.828Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:07.890Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TTLock App",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.4.5",
                  "status": "affected",
                  "version": "6.4.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-757: Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-19T17:35:45.594Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-7005",
          "x_generator": {
            "engine": "VINCE 3.0.11",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7005"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-7005",
        "datePublished": "2024-12-19T17:35:45.594Z",
        "dateReserved": "2023-12-20T14:58:39.182Z",
        "dateUpdated": "2025-11-04T18:22:07.890Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6960 (GCVE-0-2023-6960)

    Vulnerability from cvelistv5 – Published: 2024-03-15 17:09 – Updated: 2025-11-04 18:22
    VLAI
    Title
    CVE-2023-6960
    Summary
    TTLock App virtual keys and settings are only deleted client side; if preserved, they can still be used to access the lock after their intended deletion.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-324 - Use of a Key Past its Expiration Date
    • CWE-603 - Use of Client-Side Authentication
    Assigner
    Impacted products
    Vendor Product Version
    Sciener TTLock App Affected: 6.4.5 , ≤ 6.4.5 (custom)
    sciener ttlock_app Affected: 0 , ≤ 6.4.5 (custom)
        cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ttlock_app",
                "vendor": "sciener",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6960",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-18T14:03:29.310178Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T20:27:57.800Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:04.237Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TTLock App",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.4.5",
                  "status": "affected",
                  "version": "6.4.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TTLock App virtual keys and settings are only deleted client side; if preserved, they can still be used to access the lock after their intended deletion."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-324: Use of a Key Past its Expiration Date",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-603: Use of Client-Side Authentication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-15T17:09:26.926Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-6960",
          "x_generator": {
            "engine": "VINCE 2.1.11",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-6960"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-6960",
        "datePublished": "2024-03-15T17:09:26.926Z",
        "dateReserved": "2023-12-19T19:28:41.442Z",
        "dateUpdated": "2025-11-04T18:22:04.237Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-7003 (GCVE-0-2023-7003)

    Vulnerability from cvelistv5 – Published: 2024-03-15 17:09 – Updated: 2025-11-04 18:22
    VLAI
    Title
    CVE-2023-7003
    Summary
    The AES key utilized in the pairing process between a lock using Sciener firmware and a wireless keypad is not unique, and can be reused to compromise other locks using the Sciener firmware.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-323 - Reusing a Nonce, Key Pair in Encryption
    Assigner
    Impacted products
    Vendor Product Version
    Sciener Kontrol Lux Affected: 6.5.x , ≤ 6.5.07 (custom)
    sciener ttlock_app Affected: 6.5.0 , ≤ 6.5.07 (custom)
        cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:05.474Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ttlock_app",
                "vendor": "sciener",
                "versions": [
                  {
                    "lessThanOrEqual": "6.5.07",
                    "status": "affected",
                    "version": "6.5.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7003",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-19T15:26:50.526350Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-21T23:18:09.379Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kontrol Lux",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.07",
                  "status": "affected",
                  "version": "6.5.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The AES key utilized in the pairing process between a lock using Sciener firmware and a wireless keypad is not unique, and can be reused to compromise other locks using the Sciener firmware."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-323",
                  "description": "CWE-323 Reusing a Nonce, Key Pair in Encryption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-24T14:42:55.921Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-7003",
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-7003",
        "datePublished": "2024-03-15T17:09:14.442Z",
        "dateReserved": "2023-12-20T14:56:09.534Z",
        "dateUpdated": "2025-11-04T18:22:05.474Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-7007 (GCVE-0-2023-7007)

    Vulnerability from cvelistv5 – Published: 2024-03-15 17:08 – Updated: 2025-11-04 18:22
    VLAI
    Title
    CVE-2023-7007
    Summary
    Sciener server does not validate connection requests from the GatewayG2, allowing an impersonation attack that provides the attacker the unlockKey field.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Sciener Gateway G2 Affected: 6.0.0 , ≤ 6.0.0 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7007",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-18T16:16:50.033419Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-26T20:45:35.117Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:10.299Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Gateway G2",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.0",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sciener server does not validate connection requests from the GatewayG2, allowing an impersonation attack that provides the attacker the unlockKey field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-290 Authentication Bypass by Spoofing",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-15T17:08:58.433Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-7007",
          "x_generator": {
            "engine": "VINCE 2.1.11",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7007"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-7007",
        "datePublished": "2024-03-15T17:08:58.433Z",
        "dateReserved": "2023-12-20T15:10:21.189Z",
        "dateUpdated": "2025-11-04T18:22:10.299Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-7006 (GCVE-0-2023-7006)

    Vulnerability from cvelistv5 – Published: 2024-03-15 17:08 – Updated: 2025-11-04 18:22
    VLAI
    Title
    CVE-2023-7006
    Summary
    The unlockKey character in a lock using Sciener firmware can be brute-forced through repeated challenge requests, compromising the lock's integrity.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-799 - Improper Control of Interaction Frequency
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    Impacted products
    Vendor Product Version
    Sciener Kontrol Lux Affected: 6.4.5 , ≤ 6.4.5 (custom)
    sciener kontrol_lux_firmware Affected: 6.4.5
        cpe:2.3:o:sciener:kontrol_lux_firmware:6.4.5:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:09.047Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:sciener:kontrol_lux_firmware:6.4.5:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "kontrol_lux_firmware",
                "vendor": "sciener",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.4.5"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7006",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-02T20:21:20.081326Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:23:32.609Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kontrol Lux",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.4.5",
                  "status": "affected",
                  "version": "6.4.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The unlockKey character in a lock using Sciener firmware can be brute forced through repeated challenge requests, compromising the locks integrity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-799: Improper Control of Interaction Frequency",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-15T17:08:34.433Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-7006",
          "x_generator": {
            "engine": "VINCE 2.1.11",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7006"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-7006",
        "datePublished": "2024-03-15T17:08:34.433Z",
        "dateReserved": "2023-12-20T14:58:53.216Z",
        "dateUpdated": "2025-11-04T18:22:09.047Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-7004 (GCVE-0-2023-7004)

    Vulnerability from cvelistv5 – Published: 2024-03-15 17:08 – Updated: 2025-11-04 18:22
    VLAI
    Title
    CVE-2023-7004
    Summary
    The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate lock's integrity.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Sciener TTLock App Affected: 6.4.5 , ≤ 6.4.5 (custom)
    sciener ttlock_app Affected: 6.4.5
        cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:06.692Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ttlock_app",
                "vendor": "sciener",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.4.5"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7004",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-18T18:47:46.273560Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-940",
                    "description": "CWE-940 Improper Verification of Source of a Communication Channel",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-26T16:11:15.238Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TTLock App",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.4.5",
                  "status": "affected",
                  "version": "6.4.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate locks integrity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-15T17:08:11.547Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-7004",
          "x_generator": {
            "engine": "VINCE 2.1.11",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7004"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-7004",
        "datePublished": "2024-03-15T17:08:11.547Z",
        "dateReserved": "2023-12-20T14:56:26.682Z",
        "dateUpdated": "2025-11-04T18:22:06.692Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-7009 (GCVE-0-2023-7009)

    Vulnerability from cvelistv5 – Published: 2024-03-15 17:07 – Updated: 2025-11-04 18:22
    VLAI
    Title
    CVE-2023-7009
    Summary
    Some Sciener-based locks support plaintext message processing over Bluetooth Low Energy, allowing unencrypted malicious commands to be passed to the lock. These malicious commands, less than 16 bytes in length, will be processed by the lock as if they were encrypted communications. This can be further exploited by an attacker to compromise the lock's integrity.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Sciener Kontrol Lux Affected: 6.5.x , ≤ 6.5.07 (custom)
    sciener kontrol_lux_firmware Affected: 6.5 , ≤ 6.5.07 (custom)
        cpe:2.3:a:sciener:kontrol_lux_firmware:6.5:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sciener:kontrol_lux_firmware:6.5:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "kontrol_lux_firmware",
                "vendor": "sciener",
                "versions": [
                  {
                    "lessThanOrEqual": "6.5.07",
                    "status": "affected",
                    "version": "6.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7009",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-26T15:09:45.609770Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-26T15:11:10.151Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:11.492Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kontrol Lux",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.07",
                  "status": "affected",
                  "version": "6.5.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Some Sciener-based locks support plaintext message processing over Bluetooth Low Energy, allowing unencrypted malicious commands to be passed to the lock. These malicious commands, less then 16 bytes in length, will be processed by the lock as if they were encrypted communications. This can be further exploited by an attacker to compromise the lock\u0027s integrity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-311 Missing Encryption of Sensitive Data",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-15T17:07:48.318Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-7009",
          "x_generator": {
            "engine": "VINCE 2.1.11",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7009"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-7009",
        "datePublished": "2024-03-15T17:07:48.318Z",
        "dateReserved": "2023-12-20T15:34:13.342Z",
        "dateUpdated": "2025-11-04T18:22:11.492Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-7017 (GCVE-0-2023-7017)

    Vulnerability from cvelistv5 – Published: 2024-03-15 17:07 – Updated: 2025-11-04 18:22
    VLAI
    Title
    CVE-2023-7017
    Summary
    Sciener locks' firmware update mechanism does not authenticate or validate firmware updates if passed to the lock through the Bluetooth Low Energy service. A challenge request can be sent to the lock with a command to prepare for an update, rather than an unlock request, allowing an attacker to compromise the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Sciener Kontrol Lux Affected: 6.5.x , ≤ 6.5.07 (custom)
    sciener kontrol_lux_firmware Affected: 6.5.x , ≤ 6.5.07 (custom)
        cpe:2.3:o:sciener:kontrol_lux_firmware:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:12.788Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:sciener:kontrol_lux_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "kontrol_lux_firmware",
                "vendor": "sciener",
                "versions": [
                  {
                    "lessThanOrEqual": "6.5.07",
                    "status": "affected",
                    "version": "6.5.x",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7017",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-15T19:25:24.356996Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-28T16:26:36.957Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kontrol Lux",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.07",
                  "status": "affected",
                  "version": "6.5.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sciener locks\u0027 firmware update mechanism do not authenticate or validate firmware updates if passed to the lock through the Bluetooth Low Energy service. A challenge request can be sent to the lock with a command to prepare for an update, rather than an unlock request, allowing an attacker to compromise the device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-494 Download of Code Without Integrity Check",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-15T17:07:28.081Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-7017",
          "x_generator": {
            "engine": "VINCE 2.1.11",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7017"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-7017",
        "datePublished": "2024-03-15T17:07:28.081Z",
        "dateReserved": "2023-12-20T15:50:30.248Z",
        "dateUpdated": "2025-11-04T18:22:12.788Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }