Severity: 8.8
CWE: 287

CVE-2023-25556

First published: Tue Apr 18 2023

A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation.

Credit: cybersecurity@se.com

Affected Software | Affected Version | How to fix
Schneider-electric Merten Instabus Tastermodul 1fach System M Firmware | =1.0 |
Schneider-electric Merten Instabus Tastermodul 1fach System M | |
Schneider-electric Merten Instabus Tastermodul 2fach System M Firmware | =1.0 |
Schneider-electric Merten Instabus Tastermodul 2fach System M | |
Schneider-electric Merten Tasterschnittstelle 4fach Plus Firmware | =1.0 |
Schneider-electric Merten Tasterschnittstelle 4fach Plus Firmware | =1.2 |
Schneider-electric Merten Tasterschnittstelle 4fach Plus | |
Schneider-electric Merten Knx Argus 180/2,20m Up System Firmware | =1.0 |
Schneider-electric Merten Knx Argus 180/2,20m Up System | |
Schneider-electric Merten Jalousie-/schaltaktor Reg-k/8x/16x/10 M. Hb Firmware | =1.0 |
Schneider-electric Merten Jalousie-/schaltaktor Reg-k/8x/16x/10 M. Hb | |
Schneider-electric Merten Knx Uni-dimmaktor Ll Reg-k/2x230/300 W Firmware | =1.0 |
Schneider-electric Merten Knx Uni-dimmaktor Ll Reg-k/2x230/300 W Firmware | =1.1 |
Schneider-electric Merten Knx Uni-dimmaktor Ll Reg-k/2x230/300 W | |
Schneider-electric Merten Knx Schaltakt.2x6a Up M.2 Eing. Firmware | =0.1 |
Schneider-electric Merten Knx Schaltakt.2x6a Up M.2 Eing. | |


Frequently Asked Questions

  • What is the vulnerability ID of this security notice?

    The vulnerability ID of this security notice is CVE-2023-25556.

  • What is the severity of CVE-2023-25556?

    The severity of CVE-2023-25556 is rated as high with a severity value of 8.8.

  • What is the CWE ID associated with CVE-2023-25556?

    The CWE ID associated with CVE-2023-25556 is CWE-287: Improper Authentication.

  • Which software versions are affected by CVE-2023-25556?

    The affected software versions are Schneider Electric Merten Instabus Tastermodul 1-fach System M Firmware 1.0, Schneider Electric Merten Instabus Tastermodul 2-fach System M Firmware 1.0, Schneider Electric Merten Tasterschnittstelle 4-fach Plus Firmware 1.0 and 1.2, and Schneider Electric Merten KNX Argus 180/2,20m UP System Firmware 1.0.

  • How can CVE-2023-25556 be exploited?

    CVE-2023-25556 can be exploited when a key of less than seven digits is entered and the attacker has access to the KNX installation.
