CVE-2017-17668

Name of the Vulnerable Software and Affected Versions: NCR S1 Dispenser controller versions prior to 0x0156

Description: The issue is related to the memory write mechanism in the NCR S1 Dispenser controller, which lacks sufficient protection. This allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities. Exploitation of this issue may enable a remote attacker to execute arbitrary code or downgrade the device's firmware to an outdated version with known vulnerabilities.

Recommendations: For versions prior to 0x0156, update the firmware to version 0x0156 or later to resolve the issue. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation.