PT-2022-2805 · HID · HID Mercury Intelligent Controllers

Published: 2022-05-23 · Updated: 2022-06-17 · CVE-2022-31481

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502, firmware versions prior to 1.302 (LP series) and prior to 1.296 (EP series).

Description: The vulnerability is a buffer overflow caused by missing input size validation when the controller processes an update file. An unauthenticated attacker can exploit it by sending a specially crafted update file to the device and thereby execute arbitrary code. This can allow the attacker to monitor communications, operate the onboard relays, change configuration files, or cause the device to become unstable.

Recommendations: Update the firmware of affected LP-series controllers to version 1.302 or later and of affected EP-series controllers to version 1.296 or later. As a temporary workaround, restrict access to the update mechanism so that untrusted parties cannot send update files to the device.
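The defect class named in the description is a length taken from the update file that is trusted before it is checked against the receiving buffer. The following C code is an added illustration of the corrective pattern and is not taken from HID's firmware: the update-image layout (a 4-byte magic, a 4-byte little-endian payload length, then the payload), the staging-buffer size and all function names are constructed for this example. The parser rejects an image whose declared length exceeds the fixed buffer capacity or the number of bytes actually received, so no copy is ever sized by attacker-controlled input alone.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical update-image layout used only for this illustration:
 *   bytes 0-3: magic "UPDT", bytes 4-7: little-endian payload length,
 *   bytes 8..: payload. This is NOT the real controller format. */
#define UPD_MAGIC       "UPDT"
#define UPD_HDR_LEN     8u
#define UPD_MAX_PAYLOAD 256u   /* fixed capacity of the on-device staging buffer */

enum upd_status {
    UPD_OK = 0,
    UPD_ERR_SHORT,      /* fewer bytes than a header */
    UPD_ERR_MAGIC,      /* wrong magic */
    UPD_ERR_TOO_LARGE,  /* declared length exceeds staging buffer */
    UPD_ERR_TRUNCATED   /* declared length exceeds bytes actually received */
};

struct upd_image {
    uint32_t payload_len;
    uint8_t  payload[UPD_MAX_PAYLOAD];
};

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hardened parser: the length field is validated against both the buffer
 * capacity and the received size before a single byte is copied. */
enum upd_status upd_parse(const uint8_t *buf, size_t len, struct upd_image *out) {
    if (len < UPD_HDR_LEN) return UPD_ERR_SHORT;
    if (memcmp(buf, UPD_MAGIC, 4) != 0) return UPD_ERR_MAGIC;
    uint32_t declared = rd_le32(buf + 4);
    if (declared > UPD_MAX_PAYLOAD) return UPD_ERR_TOO_LARGE;    /* would overflow */
    if (declared > len - UPD_HDR_LEN) return UPD_ERR_TRUNCATED;  /* over-read */
    out->payload_len = declared;
    memcpy(out->payload, buf + UPD_HDR_LEN, declared);
    return UPD_OK;
}

/* Builds a constructed sample image: `declared` goes into the header,
 * `actual_payload` bytes of `fill` follow it. Returns bytes written, 0 on error. */
size_t upd_build_sample(uint8_t *dst, size_t cap, uint32_t declared,
                        size_t actual_payload, uint8_t fill) {
    if (cap < UPD_HDR_LEN + actual_payload) return 0;
    memcpy(dst, UPD_MAGIC, 4);
    dst[4] = (uint8_t)(declared & 0xff);
    dst[5] = (uint8_t)((declared >> 8) & 0xff);
    dst[6] = (uint8_t)((declared >> 16) & 0xff);
    dst[7] = (uint8_t)((declared >> 24) & 0xff);
    memset(dst + UPD_HDR_LEN, fill, actual_payload);
    return UPD_HDR_LEN + actual_payload;
}

/* Runs the well-formed and malformed cases; returns 0 when every case is
 * handled as intended, otherwise the 1-based number of the failing case. */
int upd_selftest(void) {
    uint8_t img[512];
    struct upd_image out;
    size_t n;

    n = upd_build_sample(img, sizeof img, 16, 16, 0xAB);          /* consistent */
    if (upd_parse(img, n, &out) != UPD_OK || out.payload_len != 16 ||
        out.payload[15] != 0xAB) return 1;

    n = upd_build_sample(img, sizeof img, 100000u, 16, 0x00);     /* oversized claim */
    if (upd_parse(img, n, &out) != UPD_ERR_TOO_LARGE) return 2;

    n = upd_build_sample(img, sizeof img, 200, 16, 0x00);         /* claims more than sent */
    if (upd_parse(img, n, &out) != UPD_ERR_TRUNCATED) return 3;

    if (upd_parse(img, 4, &out) != UPD_ERR_SHORT) return 4;       /* header cut off */

    img[0] = 'X';                                                 /* bad magic */
    if (upd_parse(img, n, &out) != UPD_ERR_MAGIC) return 5;
    return 0;
}

int main(void) {
    int rc = upd_selftest();
    printf("update parser self-test: %s (code %d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

The two length checks are deliberately separate: `UPD_ERR_TOO_LARGE` prevents writing past the staging buffer, and `UPD_ERR_TRUNCATED` prevents reading past the bytes that were actually received. A parser that performs only the first check still over-reads on a short input, and one that performs only the second still overflows when a large image is genuinely delivered. The workaround in the recommendations (restricting who can reach the update mechanism) reduces exposure but does not remove the need for both checks in the parser itself.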

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2022-03339
CVE-2022-31481

Affected Products

HID Mercury Intelligent Controllers