VAR-201903-0071
Vulnerability from variot - Updated: 2023-12-18 13:52An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Because "encrypted signal transmission" is missing, an attacker is able to eavesdrop sensitive data as cleartext (for instance, the current rolling code state). A security vulnerability exists in ABUSSecvestFUBE50014 and ABUSSecvestFUBE50015 that originated from the program's unencrypted sensitive data. An attacker could exploit the vulnerability to obtain sensitive data from transmitted packets and analyze all packet formats and communication protocols. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Advisory ID: SYSS-2018-035 Product: ABUS Secvest Remote Control (FUBE50014, FUBE50015) Manufacturer: ABUS Affected Version(s): n/a Tested Version(s): n/a Vulnerability Type: Missing Encryption of Sensitive Data (CWE-311) Risk Level: High Solution Status: Open Manufacturer Notification: 2018-11-21 Solution Date: - Public Disclosure: 2019-03-25 CVE Reference: CVE-2019-9862 Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert
Overview:
ABUS Secvest FUBE50014 and FUBE50015 are wireless remote controls for
the ABUS Secvest wireless alarm system.
Some of the device features as described by the manufacturer are
(see [1]):
"
* User-friendly remote control with easily identifiable symbols
* Features \x91arm\x92, \x91disarm\x92 and \x91status query\x92 keys
* 8 LEDs provide an overview and display current system status
* Button for custom configuration available (Secvest wireless alarm
system only)
* Optional manual panic alarm available (Secvest wireless alarm system
only)
* Encrypted signal transmission
* Rolling Code
Thanks to the rolling code process this product is protected against
so-called replay attacks. All controlling signals between this product
and the Secvest alarm panel are in individualised and thus, are not
able to be reproduced by third parties. This process is protected
from third party tampering, and exceeds the requirements of the
DIN EN 50131-1 level 2 security standard.
Proof of Concept (PoC):
Thomas Detert developed a Teensy-based PoC tool using a CC1101 sub-1GHz transceiver that allows disarming the alarm system in an unauthorized way. He provided his tool including documentation and source to SySS GmbH for responsible disclosure purposes.
SySS GmbH could successfully perform a disarming attack against an ABUS Secvest wireless alarm system by exploiting the unencrypted signal transmission of the ABUS Secvest wireless remote controls FUBE50014 and FUBE50015 and the predictable rolling code implementation using either Mr. Detert's PoC tool, a developed Python tool for the RFCat-based radio dongle YARD Stick One (see [3]), or a eZ430-Chronos (see [4]) with a specially developed firmware.
Successful disarming attacks against an ABUS Secvest wireless alarm system are shown in our SySS proof-of-concept video "ABUS Secvest Rolling Code PoC Attack" [7].
Solution:
SySS GmbH is not aware of a solution for this reported security
vulnerability.
Disclosure Timeline:
2018-11-21: Vulnerability reported to manufacturer 2018-11-28: Vulnerability reported to manufacturer once more 2018-12-12: E-mail to ABUS support asking if they are going to give some feedback regarding the reported security issue 2018-12-12: Phone call with ABUS support, the reported security advisories were forwarded to the ABUS Security Center Support 2018-12-12: E-mail to ABUS Security Center Support asking if they are going to give some feedback regarding the reported security issue 2019-01-14: Updated information regarding remote control ABUS Secvest FUBE50015 2019-03-25: Public release of security advisory
References:
[1] Product website for ABUS Secvest wireless remote control
https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Control-devices-and-extensions/Secvest-Wireless-Remote-Control2
[2] SySS Security Advisory SYSS-2018-034
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-034.txt
[3] Product website YARD Stick One
https://greatscottgadgets.com/yardstickone/
[4] Product website for Texas Instruments eZ430-Chronos
http://www.ti.com/tool/EZ430-CHRONOS
[5] SySS Security Advisory SYSS-2018-035
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-035.txt
[6] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/
[7] SySS Proof-of-Concept Video: ABUS Secvest Rolling Code PoC Attack
https://youtu.be/pSdsMVn-7gM
Credits:
This security vulnerability was found by Thomas Detert.
Mr. Detert reported his finding to SySS GmbH where it was verified and later reported to the manufacturer by Matthias Deeg.
E-Mail: matthias.deeg (at) syss.de Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB
Disclaimer:
The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.
Copyright:
Creative Commons - Attribution (by) - Version 3.0 URL: http://creativecommons.org/licenses/by/3.0/deed.en
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE0fCgNfBs5nXNuQUU2aS/ajStTasFAlyUoLoACgkQ2aS/ajSt TauU4Q/8CZRBKZPUkuVKjWkxurI4k9zH2+FRpVGlddz7Icx547VJdYUFLmGGXtQW yH5DrxrDJTM6IjPh8l6Dw3Vrf5EwP/AN5NAKKEeWGam+SVtF4jq2xZu7O+XgL5Q7 MO2BrqMFv5v/8R8bYkWTczMcwnznMZB/9xQnFaGr4Tp//LH8VQ54UfQH/7fCgVGT RcHMKKx05EuRD4coU1uogwdsjfXDmY+hTEl9vArV6S6dtqKa1vXv54PN07mvlZNW CvojEpWXmkzlev4mDmS+WsjvDRKDE5AW9Dflg1pcQLH0/20eK4PAjJAlk+2qaxM0 g1t3U6O/pjotp4BxHhrYvcPjAY0iLz4S1yCVte8VdQ1zZ1LQ0+N8zMBx3sp+Sfo0 mCJuj/GBpgtS/AsBcsNiSlHgUhl6tIkhbrocJ5F8f5yx0NLWeSZ+iZPp2IxHqT/b ZZj5xZd+WQjRnwN/Rp5Pe3Fgg/PBiCOpW4BmTiZytkm9fu23u3BDYC3daXzGgQmg WiodnGM/TsLWryuckh5blqP/595PNbvc/zdjofWHkz9fGX29hsvkoXo3AjFBYsFw mbtGKHPO9qod7Gp6xwLUVq4PXMP8Yhrif4/ZzHh2gzNFQ5gFH+6lUYpomwIqyw51 3knWk51fjOd1suaXGzxN87zbhqKhVh+GsopwsrG5OvbSQXhnYIA= =5FYg -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0071",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secvest wireless alarm system fuaa50000",
"scope": "eq",
"trust": 1.8,
"vendor": "abus",
"version": "3.01.01"
},
{
"model": "secvest wireless remote control fube50015",
"scope": "eq",
"trust": 1.0,
"vendor": "abus",
"version": null
},
{
"model": "secvest wireless remote control fube50014",
"scope": "eq",
"trust": 1.0,
"vendor": "abus",
"version": null
},
{
"model": "secvest wireless remote control fube50014",
"scope": null,
"trust": 0.8,
"vendor": "abus",
"version": null
},
{
"model": "secvest wireless remote control fube50015",
"scope": null,
"trust": 0.8,
"vendor": "abus",
"version": null
},
{
"model": "secvest fube50014",
"scope": null,
"trust": 0.6,
"vendor": "abus",
"version": null
},
{
"model": "secvest fube50015",
"scope": null,
"trust": 0.6,
"vendor": "abus",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-08180"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002901"
},
{
"db": "NVD",
"id": "CVE-2019-9862"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_alarm_system_fuaa50000_firmware:3.01.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_alarm_system_fuaa50000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_remote_control_fube50014_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_remote_control_fube50014:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_remote_control_fube50015_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_remote_control_fube50015:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9862"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matthias Deeg",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-927"
}
],
"trust": 0.6
},
"cve": "CVE-2019-9862",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-9862",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-08180",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-161297",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-9862",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-9862",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-08180",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-927",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-161297",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-08180"
},
{
"db": "VULHUB",
"id": "VHN-161297"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002901"
},
{
"db": "NVD",
"id": "CVE-2019-9862"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-927"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Because \"encrypted signal transmission\" is missing, an attacker is able to eavesdrop sensitive data as cleartext (for instance, the current rolling code state). A security vulnerability exists in ABUSSecvestFUBE50014 and ABUSSecvestFUBE50015 that originated from the program\u0027s unencrypted sensitive data. An attacker could exploit the vulnerability to obtain sensitive data from transmitted packets and analyze all packet formats and communication protocols. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAdvisory ID: SYSS-2018-035\nProduct: ABUS Secvest Remote Control (FUBE50014, FUBE50015)\nManufacturer: ABUS\nAffected Version(s): n/a\nTested Version(s): n/a\nVulnerability Type: Missing Encryption of Sensitive Data (CWE-311)\nRisk Level: High\nSolution Status: Open\nManufacturer Notification: 2018-11-21\nSolution Date: -\nPublic Disclosure: 2019-03-25\nCVE Reference: CVE-2019-9862\nAuthors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nOverview:\n\nABUS Secvest FUBE50014 and FUBE50015 are wireless remote controls for\nthe ABUS Secvest wireless alarm system. \n\nSome of the device features as described by the manufacturer are\n(see [1]):\n\n\"\n* User-friendly remote control with easily identifiable symbols\n* Features \\x91arm\\x92, \\x91disarm\\x92 and \\x91status query\\x92 keys\n* 8 LEDs provide an overview and display current system status\n* Button for custom configuration available (Secvest wireless alarm\n system only)\n* Optional manual panic alarm available (Secvest wireless alarm system\n only)\n* Encrypted signal transmission\n* Rolling Code\n Thanks to the rolling code process this product is protected against\n so-called replay attacks. All controlling signals between this product\n and the Secvest alarm panel are in individualised and thus, are not\n able to be reproduced by third parties. This process is protected\n from third party tampering, and exceeds the requirements of the\n DIN EN 50131-1 level 2 security standard. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nProof of Concept (PoC):\n\nThomas Detert developed a Teensy-based PoC tool using a CC1101 sub-1GHz\ntransceiver that allows disarming the alarm system in an unauthorized\nway. He provided his tool including documentation and source to SySS\nGmbH for responsible disclosure purposes. \n\nSySS GmbH could successfully perform a disarming attack against an ABUS\nSecvest wireless alarm system by exploiting the unencrypted signal\ntransmission of the ABUS Secvest wireless remote controls FUBE50014 and\nFUBE50015 and the predictable rolling code implementation using either\nMr. Detert\u0027s PoC tool, a developed Python tool for the RFCat-based radio\ndongle YARD Stick One (see [3]), or a eZ430-Chronos (see [4]) with a\nspecially developed firmware. \n\nSuccessful disarming attacks against an ABUS Secvest wireless alarm\nsystem are shown in our SySS proof-of-concept video \"ABUS Secvest\nRolling Code PoC Attack\" [7]. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSolution:\n\nSySS GmbH is not aware of a solution for this reported security\nvulnerability. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclosure Timeline:\n\n2018-11-21: Vulnerability reported to manufacturer\n2018-11-28: Vulnerability reported to manufacturer once more\n2018-12-12: E-mail to ABUS support asking if they are going to give\n some feedback regarding the reported security issue\n2018-12-12: Phone call with ABUS support, the reported security\n advisories were forwarded to the ABUS Security Center\n Support\n2018-12-12: E-mail to ABUS Security Center Support asking if they are\n going to give some feedback regarding the reported security\n issue\n2019-01-14: Updated information regarding remote control ABUS Secvest\n FUBE50015\n2019-03-25: Public release of security advisory\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nReferences:\n\n[1] Product website for ABUS Secvest wireless remote control\n https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Control-devices-and-extensions/Secvest-Wireless-Remote-Control2\n[2] SySS Security Advisory SYSS-2018-034\n https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-034.txt\n[3] Product website YARD Stick One\n https://greatscottgadgets.com/yardstickone/\n[4] Product website for Texas Instruments eZ430-Chronos\n http://www.ti.com/tool/EZ430-CHRONOS\n[5] SySS Security Advisory SYSS-2018-035\n https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-035.txt\n[6] SySS GmbH, SySS Responsible Disclosure Policy\n https://www.syss.de/en/news/responsible-disclosure-policy/\n[7] SySS Proof-of-Concept Video: ABUS Secvest Rolling Code PoC Attack\n https://youtu.be/pSdsMVn-7gM\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCredits:\n\nThis security vulnerability was found by Thomas Detert. \n\nMr. Detert reported his finding to SySS GmbH where it was verified and\nlater reported to the manufacturer by Matthias Deeg. \n\nE-Mail: matthias.deeg (at) syss.de\nPublic Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc\nKey fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclaimer:\n\nThe information provided in this security advisory is provided \"as is\"\nand without warranty of any kind. Details of this security advisory may\nbe updated in order to provide as accurate information as possible. The\nlatest version of this security advisory is available on the SySS Web\nsite. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCopyright:\n\nCreative Commons - Attribution (by) - Version 3.0\nURL: http://creativecommons.org/licenses/by/3.0/deed.en\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEE0fCgNfBs5nXNuQUU2aS/ajStTasFAlyUoLoACgkQ2aS/ajSt\nTauU4Q/8CZRBKZPUkuVKjWkxurI4k9zH2+FRpVGlddz7Icx547VJdYUFLmGGXtQW\nyH5DrxrDJTM6IjPh8l6Dw3Vrf5EwP/AN5NAKKEeWGam+SVtF4jq2xZu7O+XgL5Q7\nMO2BrqMFv5v/8R8bYkWTczMcwnznMZB/9xQnFaGr4Tp//LH8VQ54UfQH/7fCgVGT\nRcHMKKx05EuRD4coU1uogwdsjfXDmY+hTEl9vArV6S6dtqKa1vXv54PN07mvlZNW\nCvojEpWXmkzlev4mDmS+WsjvDRKDE5AW9Dflg1pcQLH0/20eK4PAjJAlk+2qaxM0\ng1t3U6O/pjotp4BxHhrYvcPjAY0iLz4S1yCVte8VdQ1zZ1LQ0+N8zMBx3sp+Sfo0\nmCJuj/GBpgtS/AsBcsNiSlHgUhl6tIkhbrocJ5F8f5yx0NLWeSZ+iZPp2IxHqT/b\nZZj5xZd+WQjRnwN/Rp5Pe3Fgg/PBiCOpW4BmTiZytkm9fu23u3BDYC3daXzGgQmg\nWiodnGM/TsLWryuckh5blqP/595PNbvc/zdjofWHkz9fGX29hsvkoXo3AjFBYsFw\nmbtGKHPO9qod7Gp6xwLUVq4PXMP8Yhrif4/ZzHh2gzNFQ5gFH+6lUYpomwIqyw51\n3knWk51fjOd1suaXGzxN87zbhqKhVh+GsopwsrG5OvbSQXhnYIA=\n=5FYg\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9862"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002901"
},
{
"db": "CNVD",
"id": "CNVD-2019-08180"
},
{
"db": "VULHUB",
"id": "VHN-161297"
},
{
"db": "PACKETSTORM",
"id": "152217"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-161297",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161297"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9862",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "152217",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002901",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201903-927",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-08180",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-161297",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-08180"
},
{
"db": "VULHUB",
"id": "VHN-161297"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002901"
},
{
"db": "PACKETSTORM",
"id": "152217"
},
{
"db": "NVD",
"id": "CVE-2019-9862"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-927"
}
]
},
"id": "VAR-201903-0071",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-08180"
},
{
"db": "VULHUB",
"id": "VHN-161297"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-08180"
}
]
},
"last_update_date": "2023-12-18T13:52:24.566000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.abus.com/eng"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002901"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-311",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161297"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002901"
},
{
"db": "NVD",
"id": "CVE-2019-9862"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2018-035.txt"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9862"
},
{
"trust": 1.2,
"url": "https://packetstormsecurity.com/files/152217/abus-secvest-remote-control-eavesdropping-issue.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9862"
},
{
"trust": 0.6,
"url": "http://seclists.org/bugtraq/2019/mar/38"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by/3.0/deed.en"
},
{
"trust": 0.1,
"url": "https://www.abus.com/eng/home-security/alarm-systems/secvest-wireless-alarm-system/control-devices-and-extensions/secvest-wireless-remote-control2"
},
{
"trust": 0.1,
"url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2018-034.txt"
},
{
"trust": 0.1,
"url": "https://www.syss.de/en/news/responsible-disclosure-policy/"
},
{
"trust": 0.1,
"url": "https://www.syss.de/fileadmin/dokumente/materialien/pgpkeys/matthias_deeg.asc"
},
{
"trust": 0.1,
"url": "https://youtu.be/psdsmvn-7gm"
},
{
"trust": 0.1,
"url": "http://www.ti.com/tool/ez430-chronos"
},
{
"trust": 0.1,
"url": "https://greatscottgadgets.com/yardstickone/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-08180"
},
{
"db": "VULHUB",
"id": "VHN-161297"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002901"
},
{
"db": "PACKETSTORM",
"id": "152217"
},
{
"db": "NVD",
"id": "CVE-2019-9862"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-927"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-08180"
},
{
"db": "VULHUB",
"id": "VHN-161297"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002901"
},
{
"db": "PACKETSTORM",
"id": "152217"
},
{
"db": "NVD",
"id": "CVE-2019-9862"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-927"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-08180"
},
{
"date": "2019-03-27T00:00:00",
"db": "VULHUB",
"id": "VHN-161297"
},
{
"date": "2019-04-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002901"
},
{
"date": "2019-03-25T16:07:03",
"db": "PACKETSTORM",
"id": "152217"
},
{
"date": "2019-03-27T14:29:02.097000",
"db": "NVD",
"id": "CVE-2019-9862"
},
{
"date": "2019-03-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-927"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-08180"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-161297"
},
{
"date": "2019-04-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002901"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-9862"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-927"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-927"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ABUS Information disclosure vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002901"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-927"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…