Lucene search

SchneiderCVELIST:CVE-2023-25556

HistoryApr 18, 2023 - 5:03 p.m.

CVE-2023-25556

2023-04-1817:03:07

CWE-287

schneider

www.cve.org

cwe-287

improper authentication

compromised device

knx installation

CVSS3

8.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

26.2%

JSON

A CWE-287: Improper Authentication vulnerability exists that could allow a device to be
compromised when a key of less than seven digits is entered and the attacker has access to the
KNX installation.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Merten INSTABUS Tastermodul 1fach System M 625199",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Program Version 1.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Merten INSTABUS Tastermodul 2fach System M 625299",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Program Version 1.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Merten Tasterschnittstelle 4fach plus 670804",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Program Version 1.0"
      },
      {
        "status": "affected",
        "version": "Program Version 1.2"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Merten KNX ARGUS 180/2,20M UP SYSTEM 631725",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Program Version 1.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Merten Jalousie-/Schaltaktor REG-K/8x/16x/10 m. HB 649908",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Program Version 1.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Merten KNX Uni-Dimmaktor LL REG-K/2x230/300 W MEG6710-0002",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Program Version 1.0"
      },
      {
        "status": "affected",
        "version": "Program Version 1.1"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Merten KNX Schaltakt.2x6A UP m.2 Eing. MEG6003-0002",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Program Version 0.1"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf

CVSS3

8.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

26.2%

JSON

Related for CVELIST:CVE-2023-25556