Lucene search
HistoryApr 18, 2023 - 6:15 p.m.
CVE-2023-25556
cve-2023-25556
cwe-287
improper authentication
device compromise
knx installation
8.8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
22.9%
A CWE-287: Improper Authentication vulnerability exists that could allow a device to be
compromised when a key of less than seven digits is entered and the attacker has access to the
KNX installation.
Affected configurations
Node
schneider-electricmerten_instabus_tastermodul_1fach_system_mMatch-
schneider-electricmerten_instabus_tastermodul_1fach_system_m_firmwareMatch1.0
Node
schneider-electricmerten_instabus_tastermodul_2fach_system_mMatch-
schneider-electricmerten_instabus_tastermodul_2fach_system_m_firmwareMatch1.0
Node
schneider-electricmerten_tasterschnittstelle_4fach_plusMatch-
schneider-electricmerten_tasterschnittstelle_4fach_plus_firmwareMatch1.0
ORschneider-electricmerten_tasterschnittstelle_4fach_plus_firmwareMatch1.2
Node
schneider-electricmerten_knx_argus_180\/2\,20m_up_systemMatch-
schneider-electricmerten_knx_argus_180\/2\,20m_up_system_firmwareMatch1.0
Node
schneider-electricmerten_jalousie-\/schaltaktor_reg-k\/8x\/16x\/10_m._hbMatch-
schneider-electricmerten_jalousie-\/schaltaktor_reg-k\/8x\/16x\/10_m._hb_firmwareMatch1.0
Node
schneider-electricmerten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_wMatch-
schneider-electricmerten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w_firmwareMatch1.0
ORschneider-electricmerten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w_firmwareMatch1.1
Node
schneider-electricmerten_knx_schaltakt.2x6a_up_m.2_eing.Match-
schneider-electricmerten_knx_schaltakt.2x6a_up_m.2_eing._firmwareMatch0.1
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Merten INSTABUS Tastermodul 1fach System M 625199",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Program Version 1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Merten INSTABUS Tastermodul 2fach System M 625299",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Program Version 1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Merten Tasterschnittstelle 4fach plus 670804",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Program Version 1.0"
},
{
"status": "affected",
"version": "Program Version 1.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Merten KNX ARGUS 180/2,20M UP SYSTEM 631725",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Program Version 1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Merten Jalousie-/Schaltaktor REG-K/8x/16x/10 m. HB 649908",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Program Version 1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Merten KNX Uni-Dimmaktor LL REG-K/2x230/300 W MEG6710-0002",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Program Version 1.0"
},
{
"status": "affected",
"version": "Program Version 1.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Merten KNX Schaltakt.2x6A UP m.2 Eing. MEG6003-0002",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Program Version 0.1"
}
]
}
]Social References
More
Related
nvd
nvd
CVE-2023-25556
2023-04-18 18:15:07
cvelist
cvelist
CVE-2023-25556
2023-04-18 17:03:07
prion
prion
Authentication flaw
2023-04-18 18:15:00
8.8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
22.9%
Related for CVE-2023-25556