CVE-2023-43775: Security issue in SMP Gateway automation platform
First published: Tue Sep 26 2023(Updated: )
Denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows attacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause the SMP device to restart in Safe Mode or Max Safe Mode. When in Max Safe Mode, the product is not vulnerable anymore.
Credit: CybersecurityCOE@eaton.com CybersecurityCOE@eaton.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eaton Smp Sg-4260 Firmware | >=8.0<8.0r9 | |
| Eaton Smp Sg-4260 Firmware | >=8.1<8.1r5 | |
| Eaton Smp Sg-4260 Firmware | >=8.2<8.2r4 | |
| Eaton Smp Sg-4260 | ||
| Eaton Smp Sg-4250 Firmware | >=8.0<8.0r9 | |
| Eaton Smp Sg-4250 Firmware | >=8.1<8.1r5 | |
| Eaton Smp Sg-4250 Firmware | >=8.2<8.2r4 | |
| Eaton Smp Sg-4250 Firmware | =7.0 | |
| Eaton Smp Sg-4250 Firmware | =7.1 | |
| Eaton Smp Sg-4250 Firmware | =7.2 | |
| Eaton Smp Sg-4250 | ||
| Eaton Smp 4\/dp Firmware | >=8.0<8.0r9 | |
| Eaton Smp 4\/dp Firmware | >=8.1<8.1r5 | |
| Eaton Smp 4\/dp Firmware | >=8.2<8.2r4 | |
| Eaton Smp 4\/dp Firmware | =6.3 | |
| Eaton Smp 4\/dp Firmware | =7.0 | |
| Eaton Smp 4\/dp Firmware | =7.1 | |
| Eaton Smp 4\/dp Firmware | =7.2 | |
| Eaton Smp 4\/dp | ||
| Eaton Smp 16 Firmware | >=8.0<8.0r9 | |
| Eaton Smp 16 Firmware | =6.3 | |
| Eaton Smp 16 Firmware | =7.0 | |
| Eaton Smp 16 Firmware | =7.1 | |
| Eaton Smp 16 Firmware | =7.2 | |
| Eaton Smp 16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-43775.
What is the severity level of CVE-2023-43775?
The severity level of CVE-2023-43775 is medium (5.3).
What is the impact of CVE-2023-43775?
CVE-2023-43775 allows an attacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product.
Which software versions are affected by CVE-2023-43775?
The Eaton Smp Sg-4260 Firmware versions 8.0 to 8.0r9, 8.1 to 8.1r5, and 8.2 to 8.2r4 are affected by CVE-2023-43775.
Where can I find more information about CVE-2023-43775?
You can find more information about CVE-2023-43775 in the security bulletin published by Eaton: [Link](https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2022-1008.pdf).
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/severity
- agent/weakness
- agent/title
- agent/first-publish-date
- agent/description
- agent/tags
- agent/event
- vendor/eaton
- canonical/eaton smp sg-4260 firmware
- version/eaton smp sg-4260 firmware/8.0
- version/eaton smp sg-4260 firmware/8.1
- version/eaton smp sg-4260 firmware/8.2
- canonical/eaton smp sg-4260
- canonical/eaton smp sg-4250 firmware
- version/eaton smp sg-4250 firmware/8.0
- version/eaton smp sg-4250 firmware/8.1
- version/eaton smp sg-4250 firmware/8.2
- version/eaton smp sg-4250 firmware/7.0
- version/eaton smp sg-4250 firmware/7.1
- version/eaton smp sg-4250 firmware/7.2
- canonical/eaton smp sg-4250
- canonical/eaton smp 4\/dp firmware
- version/eaton smp 4\/dp firmware/8.0
- version/eaton smp 4\/dp firmware/8.1
- version/eaton smp 4\/dp firmware/8.2
- version/eaton smp 4\/dp firmware/6.3
- version/eaton smp 4\/dp firmware/7.0
- version/eaton smp 4\/dp firmware/7.1
- version/eaton smp 4\/dp firmware/7.2
- canonical/eaton smp 4\/dp
- canonical/eaton smp 16 firmware
- version/eaton smp 16 firmware/8.0
- version/eaton smp 16 firmware/6.3
- version/eaton smp 16 firmware/7.0
- version/eaton smp 16 firmware/7.1
- version/eaton smp 16 firmware/7.2
- canonical/eaton smp 16