Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for Kontrol Lux by Sciener

    CVE-2023-7017 (GCVE-0-2023-7017)

    Vulnerability from nvd – Published: 2024-03-15 17:07 – Updated: 2025-11-04 18:22
    VLAI
    Title
    CVE-2023-7017
    Summary
    Sciener locks' firmware update mechanism do not authenticate or validate firmware updates if passed to the lock through the Bluetooth Low Energy service. A challenge request can be sent to the lock with a command to prepare for an update, rather than an unlock request, allowing an attacker to compromise the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Sciener Kontrol Lux Affected: 6.5.x , ≤ 6.5.07 (custom)
    Create a notification for this product.
    sciener kontrol_lux_firmware Affected: 6.5.x , ≤ 6.5.07 (custom)
        cpe:2.3:o:sciener:kontrol_lux_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:12.788Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:sciener:kontrol_lux_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "kontrol_lux_firmware",
                "vendor": "sciener",
                "versions": [
                  {
                    "lessThanOrEqual": "6.5.07",
                    "status": "affected",
                    "version": "6.5.x",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7017",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-15T19:25:24.356996Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-28T16:26:36.957Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kontrol Lux",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.07",
                  "status": "affected",
                  "version": "6.5.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sciener locks\u0027 firmware update mechanism do not authenticate or validate firmware updates if passed to the lock through the Bluetooth Low Energy service. A challenge request can be sent to the lock with a command to prepare for an update, rather than an unlock request, allowing an attacker to compromise the device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-494 Download of Code Without Integrity Check",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-15T17:07:28.081Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-7017",
          "x_generator": {
            "engine": "VINCE 2.1.11",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7017"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-7017",
        "datePublished": "2024-03-15T17:07:28.081Z",
        "dateReserved": "2023-12-20T15:50:30.248Z",
        "dateUpdated": "2025-11-04T18:22:12.788Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-7009 (GCVE-0-2023-7009)

    Vulnerability from nvd – Published: 2024-03-15 17:07 – Updated: 2025-11-04 18:22
    VLAI
    Title
    CVE-2023-7009
    Summary
    Some Sciener-based locks support plaintext message processing over Bluetooth Low Energy, allowing unencrypted malicious commands to be passed to the lock. These malicious commands, less then 16 bytes in length, will be processed by the lock as if they were encrypted communications. This can be further exploited by an attacker to compromise the lock's integrity.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Sciener Kontrol Lux Affected: 6.5.x , ≤ 6.5.07 (custom)
    Create a notification for this product.
    sciener kontrol_lux_firmware Affected: 6.5 , ≤ 6.5.07 (custom)
        cpe:2.3:a:sciener:kontrol_lux_firmware:6.5:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sciener:kontrol_lux_firmware:6.5:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "kontrol_lux_firmware",
                "vendor": "sciener",
                "versions": [
                  {
                    "lessThanOrEqual": "6.5.07",
                    "status": "affected",
                    "version": "6.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7009",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-26T15:09:45.609770Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-26T15:11:10.151Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:11.492Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kontrol Lux",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.07",
                  "status": "affected",
                  "version": "6.5.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Some Sciener-based locks support plaintext message processing over Bluetooth Low Energy, allowing unencrypted malicious commands to be passed to the lock. These malicious commands, less then 16 bytes in length, will be processed by the lock as if they were encrypted communications. This can be further exploited by an attacker to compromise the lock\u0027s integrity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-311 Missing Encryption of Sensitive Data",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-15T17:07:48.318Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-7009",
          "x_generator": {
            "engine": "VINCE 2.1.11",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7009"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-7009",
        "datePublished": "2024-03-15T17:07:48.318Z",
        "dateReserved": "2023-12-20T15:34:13.342Z",
        "dateUpdated": "2025-11-04T18:22:11.492Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-7006 (GCVE-0-2023-7006)

    Vulnerability from nvd – Published: 2024-03-15 17:08 – Updated: 2025-11-04 18:22
    VLAI
    Title
    CVE-2023-7006
    Summary
    The unlockKey character in a lock using Sciener firmware can be brute forced through repeated challenge requests, compromising the locks integrity.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-799 - Improper Control of Interaction Frequency
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    Impacted products
    Vendor Product Version
    Sciener Kontrol Lux Affected: 6.4.5 , ≤ 6.4.5 (custom)
    Create a notification for this product.
    sciener kontrol_lux_firmware Affected: 6.4.5
        cpe:2.3:o:sciener:kontrol_lux_firmware:6.4.5:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:09.047Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:sciener:kontrol_lux_firmware:6.4.5:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "kontrol_lux_firmware",
                "vendor": "sciener",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.4.5"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7006",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-02T20:21:20.081326Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:23:32.609Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kontrol Lux",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.4.5",
                  "status": "affected",
                  "version": "6.4.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The unlockKey character in a lock using Sciener firmware can be brute forced through repeated challenge requests, compromising the locks integrity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-799: Improper Control of Interaction Frequency",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-15T17:08:34.433Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-7006",
          "x_generator": {
            "engine": "VINCE 2.1.11",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7006"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-7006",
        "datePublished": "2024-03-15T17:08:34.433Z",
        "dateReserved": "2023-12-20T14:58:53.216Z",
        "dateUpdated": "2025-11-04T18:22:09.047Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-7003 (GCVE-0-2023-7003)

    Vulnerability from nvd – Published: 2024-03-15 17:09 – Updated: 2025-11-04 18:22
    VLAI
    Title
    CVE-2023-7003
    Summary
    The AES key utilized in the pairing process between a lock using Sciener firmware and a wireless keypad is not unique, and can be reused to compromise other locks using the Sciener firmware.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-323 - Reusing a Nonce, Key Pair in Encryption
    Assigner
    Impacted products
    Vendor Product Version
    Sciener Kontrol Lux Affected: 6.5.x , ≤ 6.5.07 (custom)
    Create a notification for this product.
    sciener ttlock_app Affected: 6.5.0 , ≤ 6.5.07 (custom)
        cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:05.474Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ttlock_app",
                "vendor": "sciener",
                "versions": [
                  {
                    "lessThanOrEqual": "6.5.07",
                    "status": "affected",
                    "version": "6.5.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7003",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-19T15:26:50.526350Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-21T23:18:09.379Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kontrol Lux",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.07",
                  "status": "affected",
                  "version": "6.5.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The AES key utilized in the pairing process between a lock using Sciener firmware and a wireless keypad is not unique, and can be reused to compromise other locks using the Sciener firmware."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-323",
                  "description": "CWE-323 Reusing a Nonce, Key Pair in Encryption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-24T14:42:55.921Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-7003",
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-7003",
        "datePublished": "2024-03-15T17:09:14.442Z",
        "dateReserved": "2023-12-20T14:56:09.534Z",
        "dateUpdated": "2025-11-04T18:22:05.474Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-7003 (GCVE-0-2023-7003)

    Vulnerability from cvelistv5 – Published: 2024-03-15 17:09 – Updated: 2025-11-04 18:22
    VLAI
    Title
    CVE-2023-7003
    Summary
    The AES key utilized in the pairing process between a lock using Sciener firmware and a wireless keypad is not unique, and can be reused to compromise other locks using the Sciener firmware.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-323 - Reusing a Nonce, Key Pair in Encryption
    Assigner
    Impacted products
    Vendor Product Version
    Sciener Kontrol Lux Affected: 6.5.x , ≤ 6.5.07 (custom)
    Create a notification for this product.
    sciener ttlock_app Affected: 6.5.0 , ≤ 6.5.07 (custom)
        cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:05.474Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ttlock_app",
                "vendor": "sciener",
                "versions": [
                  {
                    "lessThanOrEqual": "6.5.07",
                    "status": "affected",
                    "version": "6.5.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7003",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-19T15:26:50.526350Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-21T23:18:09.379Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kontrol Lux",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.07",
                  "status": "affected",
                  "version": "6.5.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The AES key utilized in the pairing process between a lock using Sciener firmware and a wireless keypad is not unique, and can be reused to compromise other locks using the Sciener firmware."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-323",
                  "description": "CWE-323 Reusing a Nonce, Key Pair in Encryption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-24T14:42:55.921Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-7003",
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-7003",
        "datePublished": "2024-03-15T17:09:14.442Z",
        "dateReserved": "2023-12-20T14:56:09.534Z",
        "dateUpdated": "2025-11-04T18:22:05.474Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-7006 (GCVE-0-2023-7006)

    Vulnerability from cvelistv5 – Published: 2024-03-15 17:08 – Updated: 2025-11-04 18:22
    VLAI
    Title
    CVE-2023-7006
    Summary
    The unlockKey character in a lock using Sciener firmware can be brute forced through repeated challenge requests, compromising the locks integrity.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-799 - Improper Control of Interaction Frequency
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    Impacted products
    Vendor Product Version
    Sciener Kontrol Lux Affected: 6.4.5 , ≤ 6.4.5 (custom)
    Create a notification for this product.
    sciener kontrol_lux_firmware Affected: 6.4.5
        cpe:2.3:o:sciener:kontrol_lux_firmware:6.4.5:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:09.047Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:sciener:kontrol_lux_firmware:6.4.5:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "kontrol_lux_firmware",
                "vendor": "sciener",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.4.5"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7006",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-02T20:21:20.081326Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:23:32.609Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kontrol Lux",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.4.5",
                  "status": "affected",
                  "version": "6.4.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The unlockKey character in a lock using Sciener firmware can be brute forced through repeated challenge requests, compromising the locks integrity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-799: Improper Control of Interaction Frequency",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-15T17:08:34.433Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-7006",
          "x_generator": {
            "engine": "VINCE 2.1.11",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7006"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-7006",
        "datePublished": "2024-03-15T17:08:34.433Z",
        "dateReserved": "2023-12-20T14:58:53.216Z",
        "dateUpdated": "2025-11-04T18:22:09.047Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-7009 (GCVE-0-2023-7009)

    Vulnerability from cvelistv5 – Published: 2024-03-15 17:07 – Updated: 2025-11-04 18:22
    VLAI
    Title
    CVE-2023-7009
    Summary
    Some Sciener-based locks support plaintext message processing over Bluetooth Low Energy, allowing unencrypted malicious commands to be passed to the lock. These malicious commands, less then 16 bytes in length, will be processed by the lock as if they were encrypted communications. This can be further exploited by an attacker to compromise the lock's integrity.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Sciener Kontrol Lux Affected: 6.5.x , ≤ 6.5.07 (custom)
    Create a notification for this product.
    sciener kontrol_lux_firmware Affected: 6.5 , ≤ 6.5.07 (custom)
        cpe:2.3:a:sciener:kontrol_lux_firmware:6.5:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sciener:kontrol_lux_firmware:6.5:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "kontrol_lux_firmware",
                "vendor": "sciener",
                "versions": [
                  {
                    "lessThanOrEqual": "6.5.07",
                    "status": "affected",
                    "version": "6.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7009",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-26T15:09:45.609770Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-26T15:11:10.151Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:11.492Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kontrol Lux",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.07",
                  "status": "affected",
                  "version": "6.5.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Some Sciener-based locks support plaintext message processing over Bluetooth Low Energy, allowing unencrypted malicious commands to be passed to the lock. These malicious commands, less then 16 bytes in length, will be processed by the lock as if they were encrypted communications. This can be further exploited by an attacker to compromise the lock\u0027s integrity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-311 Missing Encryption of Sensitive Data",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-15T17:07:48.318Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-7009",
          "x_generator": {
            "engine": "VINCE 2.1.11",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7009"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-7009",
        "datePublished": "2024-03-15T17:07:48.318Z",
        "dateReserved": "2023-12-20T15:34:13.342Z",
        "dateUpdated": "2025-11-04T18:22:11.492Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-7017 (GCVE-0-2023-7017)

    Vulnerability from cvelistv5 – Published: 2024-03-15 17:07 – Updated: 2025-11-04 18:22
    VLAI
    Title
    CVE-2023-7017
    Summary
    Sciener locks' firmware update mechanism do not authenticate or validate firmware updates if passed to the lock through the Bluetooth Low Energy service. A challenge request can be sent to the lock with a command to prepare for an update, rather than an unlock request, allowing an attacker to compromise the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Sciener Kontrol Lux Affected: 6.5.x , ≤ 6.5.07 (custom)
    Create a notification for this product.
    sciener kontrol_lux_firmware Affected: 6.5.x , ≤ 6.5.07 (custom)
        cpe:2.3:o:sciener:kontrol_lux_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:12.788Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:sciener:kontrol_lux_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "kontrol_lux_firmware",
                "vendor": "sciener",
                "versions": [
                  {
                    "lessThanOrEqual": "6.5.07",
                    "status": "affected",
                    "version": "6.5.x",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7017",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-15T19:25:24.356996Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-28T16:26:36.957Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kontrol Lux",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.07",
                  "status": "affected",
                  "version": "6.5.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sciener locks\u0027 firmware update mechanism do not authenticate or validate firmware updates if passed to the lock through the Bluetooth Low Energy service. A challenge request can be sent to the lock with a command to prepare for an update, rather than an unlock request, allowing an attacker to compromise the device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-494 Download of Code Without Integrity Check",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-15T17:07:28.081Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-7017",
          "x_generator": {
            "engine": "VINCE 2.1.11",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7017"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-7017",
        "datePublished": "2024-03-15T17:07:28.081Z",
        "dateReserved": "2023-12-20T15:50:30.248Z",
        "dateUpdated": "2025-11-04T18:22:12.788Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }