Authentication flaw

2023-04-1818:15:00

PRIOn knowledge base

www.prio-n.com

improper authentication

vulnerability

knx installation

compromised

key length

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.0%

JSON

A CWE-287: Improper Authentication vulnerability exists that could allow a device to be
compromised when a key of less than seven digits is entered and the attacker has access to the
KNX installation.

CPENameOperatorVersion
merten_instabus_tastermodul_1fach_system_m_firmwareeq1.0
merten_instabus_tastermodul_2fach_system_m_firmwareeq1.0
merten_jalousie-\\/schaltaktor_reg-k\\/8x\\/16x\\/10_m._hb_firmwareeq1.0
merten_knx_argus_180\\/2\\,20m_up_system_firmwareeq1.0
merten_knx_schaltakt.2x6a_up_m.2_eing._firmwareeq0.1
merten_knx_uni-dimmaktor_ll_reg-k\\/2x230\\/300_w_firmwareeq1.0
merten_knx_uni-dimmaktor_ll_reg-k\\/2x230\\/300_w_firmwareeq1.1
merten_tasterschnittstelle_4fach_plus_firmwareeq1.0
merten_tasterschnittstelle_4fach_plus_firmwareeq1.2

Name	Operator	Version
merten_instabus_tastermodul_1fach_system_m_firmware	eq	1.0
merten_instabus_tastermodul_2fach_system_m_firmware	eq	1.0
merten_jalousie-\\/schaltaktor_reg-k\\/8x\\/16x\\/10_m._hb_firmware	eq	1.0
merten_knx_argus_180\\/2\\,20m_up_system_firmware	eq	1.0
merten_knx_schaltakt.2x6a_up_m.2_eing._firmware	eq	0.1
merten_knx_uni-dimmaktor_ll_reg-k\\/2x230\\/300_w_firmware	eq	1.0
merten_knx_uni-dimmaktor_ll_reg-k\\/2x230\\/300_w_firmware	eq	1.1
merten_tasterschnittstelle_4fach_plus_firmware	eq	1.0
merten_tasterschnittstelle_4fach_plus_firmware	eq	1.2