CVE-2023-25556

A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation.

CVSS v3 8.3 HIGH

8.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.5

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf	Vendor Advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:schneider-electric:merten_instabus_tastermodul_1fach_system_m_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:merten_instabus_tastermodul_1fach_system_m:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:schneider-electric:merten_instabus_tastermodul_2fach_system_m_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:merten_instabus_tastermodul_2fach_system_m:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:schneider-electric:merten_tasterschnittstelle_4fach_plus_firmware:1.0:::::::*
	cpe:2.3:o:schneider-electric:merten_tasterschnittstelle_4fach_plus_firmware:1.2:::::::*

cpe:2.3:h:schneider-electric:merten_tasterschnittstelle_4fach_plus:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:schneider-electric:merten_knx_argus_180\/2\,20m_up_system_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:merten_knx_argus_180\/2\,20m_up_system:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:schneider-electric:merten_jalousie-\/schaltaktor_reg-k\/8x\/16x\/10_m._hb_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:merten_jalousie-\/schaltaktor_reg-k\/8x\/16x\/10_m._hb:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w_firmware:1.0:::::::*
	cpe:2.3:o:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w_firmware:1.1:::::::*

cpe:2.3:h:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:schneider-electric:merten_knx_schaltakt.2x6a_up_m.2_eing._firmware:0.1:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:merten_knx_schaltakt.2x6a_up_m.2_eing.:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:49

Type	Values Removed	Values Added
References	~~() https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf - Vendor Advisory~~	() https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~8.8~~	v2 : unknown v3 : 8.3

28 Apr 2023, 13:36

Type	Values Removed	Values Added
First Time		Schneider-electric merten Instabus Tastermodul 2fach System M Firmware Schneider-electric Schneider-electric merten Knx Uni-dimmaktor Ll Reg-k\/2x230\/300 W Schneider-electric merten Tasterschnittstelle 4fach Plus Firmware Schneider-electric merten Knx Schaltakt.2x6a Up M.2 Eing. Schneider-electric merten Knx Uni-dimmaktor Ll Reg-k\/2x230\/300 W Firmware Schneider-electric merten Instabus Tastermodul 2fach System M Schneider-electric merten Instabus Tastermodul 1fach System M Schneider-electric merten Tasterschnittstelle 4fach Plus Schneider-electric merten Knx Schaltakt.2x6a Up M.2 Eing. Firmware Schneider-electric merten Jalousie-\/schaltaktor Reg-k\/8x\/16x\/10 M. Hb Firmware Schneider-electric merten Instabus Tastermodul 1fach System M Firmware Schneider-electric merten Jalousie-\/schaltaktor Reg-k\/8x\/16x\/10 M. Hb Schneider-electric merten Knx Argus 180\/2\,20m Up System Firmware Schneider-electric merten Knx Argus 180\/2\,20m Up System
CPE		cpe:2.3:h:schneider-electric:merten_instabus_tastermodul_1fach_system_m:-:::::::* cpe:2.3:o:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w_firmware:1.0:::::::* cpe:2.3:o:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w_firmware:1.1:::::::* cpe:2.3:h:schneider-electric:merten_knx_argus_180\/2\,20m_up_system:-:::::::* cpe:2.3:o:schneider-electric:merten_knx_schaltakt.2x6a_up_m.2_eing._firmware:0.1:::::::* cpe:2.3:h:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w:-:::::::* cpe:2.3:h:schneider-electric:merten_instabus_tastermodul_2fach_system_m:-:::::::* cpe:2.3:h:schneider-electric:merten_jalousie-\/schaltaktor_reg-k\/8x\/16x\/10_m._hb:-:::::::* cpe:2.3:o:schneider-electric:merten_instabus_tastermodul_1fach_system_m_firmware:1.0:::::::* cpe:2.3:o:schneider-electric:merten_tasterschnittstelle_4fach_plus_firmware:1.2:::::::* cpe:2.3:o:schneider-electric:merten_jalousie-\/schaltaktor_reg-k\/8x\/16x\/10_m._hb_firmware:1.0:::::::* cpe:2.3:o:schneider-electric:merten_tasterschnittstelle_4fach_plus_firmware:1.0:::::::* cpe:2.3:h:schneider-electric:merten_knx_schaltakt.2x6a_up_m.2_eing.:-:::::::* cpe:2.3:h:schneider-electric:merten_tasterschnittstelle_4fach_plus:-:::::::* cpe:2.3:o:schneider-electric:merten_knx_argus_180\/2\,20m_up_system_firmware:1.0:::::::* cpe:2.3:o:schneider-electric:merten_instabus_tastermodul_2fach_system_m_firmware:1.0:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
References	~~(MISC) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf -~~	(MISC) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf - Vendor Advisory

18 Apr 2023, 19:40

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-04-18 18:15

Updated : 2024-11-21 07:49

NVD link : CVE-2023-25556

Mitre link : CVE-2023-25556

CVE.ORG link : CVE-2023-25556

JSON object : View

Products Affected

schneider-electric

merten_instabus_tastermodul_2fach_system_m_firmware
merten_knx_argus_180\/2\,20m_up_system_firmware
merten_jalousie-\/schaltaktor_reg-k\/8x\/16x\/10_m._hb_firmware
merten_instabus_tastermodul_1fach_system_m
merten_jalousie-\/schaltaktor_reg-k\/8x\/16x\/10_m._hb
merten_knx_schaltakt.2x6a_up_m.2_eing.
merten_tasterschnittstelle_4fach_plus_firmware
merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w_firmware
merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w
merten_knx_schaltakt.2x6a_up_m.2_eing._firmware
merten_instabus_tastermodul_1fach_system_m_firmware
merten_instabus_tastermodul_2fach_system_m
merten_tasterschnittstelle_4fach_plus
merten_knx_argus_180\/2\,20m_up_system

CWE

CWE-287

Improper Authentication

8.3 /10