PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS RM3/CRS dispenser firmware (all versions up to and including 41128 1002 RM3_CRS.BTR + 170329 2332 RM3_CRS.FRM)Severity:Severity level: High Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS Access Vector: LocalCVSS v3.0 Base Score: 6,8 Vector: (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVE-2018-9100 Vulnerability description:With access to the dispenser controller USB port, an attacker can install an outdated or modified firmware version (with malicious content) to bypass the encryption and withdraw cash.Advisory status:07.2018 - Vendor notification dateCredits:The vulnerability was discovered by Vladimir Kononovich, Alexey Stennikov (independent researcher)