OTPulse

HID Global SAFE

CVSS 7.3 · ICS-CERT ICSA-23-152-02 · Jun 1, 2023
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: Required
Summary

A vulnerability in HID SAFE versions 5.8.0 through 5.11.3 when using the optional External Visitor Manager portal could allow an authenticated user to expose personal visitor data or cause a denial-of-service condition in the portal. The vulnerability requires valid user credentials and user interaction to trigger. HID Global reports that all affected systems have already been patched. Systems not using the External Visitor Manager feature are not affected.

What this means
What could happen
An attacker with valid credentials could access sensitive visitor data or cause the External Visitor Manager portal to become unavailable, affecting visitor check-in processes at the facility.
Who's at risk
Organizations using HID SAFE with the optional External Visitor Manager portal are affected. This impacts facilities (municipal buildings, utilities, corporate campuses) that rely on the visitor check-in and management system for access control and visitor tracking.
How it could be exploited
An authenticated user with legitimate access to the HID SAFE External Visitor Manager portal (versions 5.8.0 through 5.11.3) could trigger a vulnerability that either exposes personal data stored in the system or crashes the portal, disrupting visitor management operations.
Prerequisites
  • Valid user credentials for the External Visitor Manager portal
  • Network access to the External Visitor Manager portal
  • User interaction (UI interaction noted in CVSS vector)
  • External Visitor Manager feature must be deployed and enabled
  • Requires valid credentials (insider threat component)
  • Affects optional feature with limited deployment
  • No public exploit available
  • Exposure of personal data (visitor information)
  • Denial of service impact on visitor operations
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
HID SAFE using the optional External Visitor Manager portal | ≥ 5.8.0, ≤ 5.11.3 | No fix yet
Remediation & Mitigation
Do now
HOTFIX: Contact HID Global to verify that your systems have been patched, as the advisory states all affected systems have already been patched
WORKAROUND: Disable or remove the External Visitor Manager feature if it is not actively used in your facility
HARDENING: Restrict network access to the External Visitor Manager portal to authorized administrative staff only, using firewall rules or network segmentation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Audit access logs for the External Visitor Manager portal to identify any suspicious activity