On Barco ClickShare Button R9861500D01 devices (before firmware version 1.9.0) JTAG access is disabled after ROM code execution. This means that JTAG access is possible when the system is running code from ROM before handing control over to embedded firmware.
Threat-Mapped Scoring
Score: 1.8
Priority: P4 - Informational (Low)
S9 – Sabotage of System/App
EPSS
Score: 0.00626Percentile:
0.69264
CVSS Scoring
CVSS v3.1 Score: 5.9
Severity: MEDIUM
Mapped CWE(s)
CWE-285
: Improper Authorization
CWE-362
: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
All CAPEC(s)
CAPEC-1 : Accessing Functionality Not Properly Constrained by ACLs
CAPEC-104 : Cross Zone Scripting
CAPEC-127 : Directory Indexing
CAPEC-13 : Subverting Environment Variable Values
CAPEC-17 : Using Malicious Files
CAPEC-26 : Leveraging Race Conditions
CAPEC-29 : Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-39 : Manipulating Opaque Client-based Data Tokens
CAPEC-402 : Bypassing ATA Password Security
CAPEC-45 : Buffer Overflow via Symbolic Links
CAPEC-5 : Blue Boxing
CAPEC-51 : Poison Web Service Registry
CAPEC-59 : Session Credential Falsification through Prediction
CAPEC-60 : Reusing Session IDs (aka Session Replay)
CAPEC-647 : Collect Data from Registries
CAPEC-668 : Key Negotiation of Bluetooth Attack (KNOB)
CAPEC-76 : Manipulating Web Input to File System Calls
CAPEC-77 : Manipulating User-Controlled Variables
CAPEC-87 : Forceful Browsing
CAPEC(s) with Mapped TTPs
CAPEC-1 : Accessing Functionality Not Properly Constrained by ACLs
Mapped TTPs:
T1574.010
: Services File Permissions Weakness
CAPEC-127 : Directory Indexing
Mapped TTPs:
T1083
: File and Directory Discovery
CAPEC-13 : Subverting Environment Variable Values
Mapped TTPs:
T1562.003
: Impair Command History Logging
T1574.006
: Dynamic Linker Hijacking
T1574.007
: Path Interception by PATH Environment Variable
CAPEC-17 : Using Malicious Files
Mapped TTPs:
T1574.005
: Executable Installer File Permissions Weakness
T1574.010
: Services File Permissions Weakness
CAPEC-60 : Reusing Session IDs (aka Session Replay)
Mapped TTPs:
CAPEC-647 : Collect Data from Registries
Mapped TTPs:
CAPEC-668 : Key Negotiation of Bluetooth Attack (KNOB)
Mapped TTPs:
Mapped ATT&CK TTPs
T1574.010
: Services File Permissions Weakness
Kill Chain: persistence
T1083
: File and Directory Discovery
Kill Chain: discovery
T1562.003
: Impair Command History Logging
Kill Chain: defense-evasion
T1574.006
: Dynamic Linker Hijacking
Kill Chain: persistence
T1574.007
: Path Interception by PATH Environment Variable
Kill Chain: persistence
T1574.005
: Executable Installer File Permissions Weakness
Kill Chain: persistence
T1574.010
: Services File Permissions Weakness
Kill Chain: persistence
T1134.001
: Token Impersonation/Theft
Kill Chain: defense-evasion
T1550.004
: Web Session Cookie
Kill Chain: defense-evasion
T1005
: Data from Local System
Kill Chain: collection
T1012
: Query Registry
Kill Chain: discovery
T1552.002
: Credentials in Registry
Kill Chain: credential-access
T1565.002
: Transmitted Data Manipulation
Kill Chain: impact
Malware
APTs Threat Group Associations
Campaigns
Operation Wocao ArcaneDoor SolarWinds Compromise Operation CuckooBees CostaRicto Operation Honeybee Operation Dream Job C0015 Frankenstein Night Dragon Operation MidnightEclipse HomeLand Justice C0017 Cutting Edge KV Botnet Activity C0026
Affected Products
cpe:2.3:o:barco:clickshare_cs-100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:barco:clickshare_cse-200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:barco:clickshare_cse-200\+_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:barco:clickshare_cse-800_firmware:*:*:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me