A CWE-287: Improper Authentication vulnerability exists that could allow a device to be
compromised when a key of less than seven digits is entered and the attacker has access to the
KNX installation.
References
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
History
28 Apr 2023, 13:36
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
| References | (MISC) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf - Vendor Advisory | |
| CPE | cpe:2.3:o:schneider-electric:merten_instabus_tastermodul_1fach_system_m_firmware:1.0:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:merten_tasterschnittstelle_4fach_plus_firmware:1.2:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:merten_instabus_tastermodul_2fach_system_m_firmware:1.0:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:merten_jalousie-\/schaltaktor_reg-k\/8x\/16x\/10_m._hb:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:merten_knx_argus_180\/2\,20m_up_system:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:merten_knx_schaltakt.2x6a_up_m.2_eing._firmware:0.1:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:merten_tasterschnittstelle_4fach_plus:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:merten_instabus_tastermodul_1fach_system_m:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:merten_knx_schaltakt.2x6a_up_m.2_eing.:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w_firmware:1.0:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:merten_tasterschnittstelle_4fach_plus_firmware:1.0:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:merten_jalousie-\/schaltaktor_reg-k\/8x\/16x\/10_m._hb_firmware:1.0:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w_firmware:1.1:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:merten_knx_argus_180\/2\,20m_up_system_firmware:1.0:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:merten_instabus_tastermodul_2fach_system_m:-:*:*:*:*:*:*:* |
|
| First Time |
Schneider-electric merten Tasterschnittstelle 4fach Plus Firmware
Schneider-electric merten Knx Argus 180\/2\,20m Up System Firmware Schneider-electric merten Instabus Tastermodul 2fach System M Schneider-electric merten Instabus Tastermodul 1fach System M Schneider-electric merten Knx Schaltakt.2x6a Up M.2 Eing. Schneider-electric Schneider-electric merten Instabus Tastermodul 1fach System M Firmware Schneider-electric merten Tasterschnittstelle 4fach Plus Schneider-electric merten Knx Uni-dimmaktor Ll Reg-k\/2x230\/300 W Firmware Schneider-electric merten Jalousie-\/schaltaktor Reg-k\/8x\/16x\/10 M. Hb Firmware Schneider-electric merten Jalousie-\/schaltaktor Reg-k\/8x\/16x\/10 M. Hb Schneider-electric merten Knx Argus 180\/2\,20m Up System Schneider-electric merten Instabus Tastermodul 2fach System M Firmware Schneider-electric merten Knx Uni-dimmaktor Ll Reg-k\/2x230\/300 W Schneider-electric merten Knx Schaltakt.2x6a Up M.2 Eing. Firmware |
18 Apr 2023, 19:40
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-04-18 18:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-25556
Mitre link : CVE-2023-25556
CVE.ORG link : CVE-2023-25556
JSON object : View
Products Affected
schneider-electric
- merten_instabus_tastermodul_1fach_system_m
- merten_instabus_tastermodul_2fach_system_m
- merten_instabus_tastermodul_2fach_system_m_firmware
- merten_tasterschnittstelle_4fach_plus
- merten_jalousie-\/schaltaktor_reg-k\/8x\/16x\/10_m._hb
- merten_knx_schaltakt.2x6a_up_m.2_eing.
- merten_jalousie-\/schaltaktor_reg-k\/8x\/16x\/10_m._hb_firmware
- merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w_firmware
- merten_knx_argus_180\/2\,20m_up_system_firmware
- merten_knx_argus_180\/2\,20m_up_system
- merten_knx_schaltakt.2x6a_up_m.2_eing._firmware
- merten_tasterschnittstelle_4fach_plus_firmware
- merten_instabus_tastermodul_1fach_system_m_firmware
- merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w
CWE
CWE-287
Improper Authentication