ByteOS Network

NVD Vulnerability Details :

CVE-2023-25556

Analyzed

Source-cybersecurity@se.com

Published At-18 Apr, 2023 | 18:15

Updated At-28 Apr, 2023 | 13:36

A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	8.8	HIGH	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	8.3	HIGH	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

CPE Matches

Schneider Electric SE

>>merten_instabus_tastermodul_1fach_system_m>>-

cpe:2.3:h:schneider-electric:merten_instabus_tastermodul_1fach_system_m:-:*:*:*:*:*:*:*

Schneider Electric SE

>>merten_instabus_tastermodul_1fach_system_m_firmware>>1.0

cpe:2.3:o:schneider-electric:merten_instabus_tastermodul_1fach_system_m_firmware:1.0:*:*:*:*:*:*:*

Schneider Electric SE

>>merten_instabus_tastermodul_2fach_system_m>>-

cpe:2.3:h:schneider-electric:merten_instabus_tastermodul_2fach_system_m:-:*:*:*:*:*:*:*

Schneider Electric SE

>>merten_instabus_tastermodul_2fach_system_m_firmware>>1.0

cpe:2.3:o:schneider-electric:merten_instabus_tastermodul_2fach_system_m_firmware:1.0:*:*:*:*:*:*:*

Schneider Electric SE

>>merten_tasterschnittstelle_4fach_plus>>-

cpe:2.3:h:schneider-electric:merten_tasterschnittstelle_4fach_plus:-:*:*:*:*:*:*:*

Schneider Electric SE

>>merten_tasterschnittstelle_4fach_plus_firmware>>1.0

cpe:2.3:o:schneider-electric:merten_tasterschnittstelle_4fach_plus_firmware:1.0:*:*:*:*:*:*:*

Schneider Electric SE

>>merten_tasterschnittstelle_4fach_plus_firmware>>1.2

cpe:2.3:o:schneider-electric:merten_tasterschnittstelle_4fach_plus_firmware:1.2:*:*:*:*:*:*:*

Schneider Electric SE

>>merten_knx_argus_180\/2\,20m_up_system>>-

cpe:2.3:h:schneider-electric:merten_knx_argus_180\/2\,20m_up_system:-:*:*:*:*:*:*:*

Schneider Electric SE

>>merten_knx_argus_180\/2\,20m_up_system_firmware>>1.0

cpe:2.3:o:schneider-electric:merten_knx_argus_180\/2\,20m_up_system_firmware:1.0:*:*:*:*:*:*:*

Schneider Electric SE

>>merten_jalousie-\/schaltaktor_reg-k\/8x\/16x\/10_m._hb>>-

cpe:2.3:h:schneider-electric:merten_jalousie-\/schaltaktor_reg-k\/8x\/16x\/10_m._hb:-:*:*:*:*:*:*:*

Schneider Electric SE

>>merten_jalousie-\/schaltaktor_reg-k\/8x\/16x\/10_m._hb_firmware>>1.0

cpe:2.3:o:schneider-electric:merten_jalousie-\/schaltaktor_reg-k\/8x\/16x\/10_m._hb_firmware:1.0:*:*:*:*:*:*:*

Schneider Electric SE

>>merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w>>-

cpe:2.3:h:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w:-:*:*:*:*:*:*:*

Schneider Electric SE

>>merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w_firmware>>1.0

cpe:2.3:o:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w_firmware:1.0:*:*:*:*:*:*:*

Schneider Electric SE

>>merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w_firmware>>1.1

cpe:2.3:o:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w_firmware:1.1:*:*:*:*:*:*:*

Schneider Electric SE

>>merten_knx_schaltakt.2x6a_up_m.2_eing.>>-

cpe:2.3:h:schneider-electric:merten_knx_schaltakt.2x6a_up_m.2_eing.:-:*:*:*:*:*:*:*

Schneider Electric SE

>>merten_knx_schaltakt.2x6a_up_m.2_eing._firmware>>0.1

cpe:2.3:o:schneider-electric:merten_knx_schaltakt.2x6a_up_m.2_eing._firmware:0.1:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-287	Primary	cybersecurity@se.com

References

Hyperlink	Source	Resource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf	cybersecurity@se.com	Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History