CVE-2013-2782
First published: Wed Aug 28 2013(Updated: )
Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider Electric Tburjr900 | =00002dh0 | |
| Schneider Electric Tburjr900 | =00002eh0 | |
| Schneider Electric Tburjr900 | =01002dh0 | |
| Schneider Electric Tburjr900 | =01002eh0 | |
| Schneider Electric Tburjr900 | =05002dh0 | |
| Schneider Electric Tburjr900 | =05002eh0 | |
| Schneider Electric Tburjr900 | =06002dh0 | |
| Schneider Electric Tburjr900 | =06002eh0 | |
| Schneider Electric TBURJR900 Firmware | =3.6.0 | |
| Schneider Electric TBURJR900 Firmware | =3.6.1 | |
| Schneider Electric TBURJR900 Firmware | =3.6.2 | |
| Schneider Electric TBURJR900 Firmware | =3.6.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-2782?
CVE-2013-2782 has a high severity level due to the risk of remote exploitation resulting from the use of a shared AES encryption key.
How do I fix CVE-2013-2782?
To mitigate CVE-2013-2782, update the firmware on the Schneider Electric Trio J-Series License Free Ethernet Radio to a version that uses a unique AES encryption key.
What products are affected by CVE-2013-2782?
CVE-2013-2782 affects Schneider Electric Trio J-Series License Free Ethernet Radios running firmware versions 3.6.0 through 3.6.3.
Can CVE-2013-2782 be exploited remotely?
Yes, CVE-2013-2782 can be exploited remotely since it allows attackers to utilize knowledge of the shared AES encryption key.
What are the implications of CVE-2013-2782?
The implications of CVE-2013-2782 include potential unauthorized access and defeat of cryptographic protection mechanisms in affected installations.
- agent/references
- agent/type
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/schneider-electric
- canonical/schneider electric tburjr900
- version/schneider electric tburjr900/00002dh0
- version/schneider electric tburjr900/00002eh0
- version/schneider electric tburjr900/01002dh0
- version/schneider electric tburjr900/01002eh0
- version/schneider electric tburjr900/05002dh0
- version/schneider electric tburjr900/05002eh0
- version/schneider electric tburjr900/06002dh0
- version/schneider electric tburjr900/06002eh0
- canonical/schneider electric tburjr900 firmware
- version/schneider electric tburjr900 firmware/3.6.0
- version/schneider electric tburjr900 firmware/3.6.1
- version/schneider electric tburjr900 firmware/3.6.2
- version/schneider electric tburjr900 firmware/3.6.3