CVE-2018-5717

Name of the Vulnerable Software and Affected Versions: NCR S2 Dispenser controller versions prior to 0x0108 NCR S1 Dispenser controller (affected versions not specified)

Description: The issue is related to the memory write mechanism in the dispenser controller, which lacks sufficient protection. This allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities. The exploitation of this issue may enable a remote attacker to execute arbitrary code or downgrade the device's firmware to a version with known vulnerabilities.

Recommendations: For NCR S2 Dispenser controller versions prior to 0x0108, update the firmware to version 0x0108 or later. For NCR S1 Dispenser controller, at the moment, there is no information about a newer version that contains a fix for this vulnerability.