{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-25556", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "state": "PUBLISHED", "assignerShortName": "schneider", "dateReserved": "2023-02-07T17:00:03.780Z", "datePublished": "2023-04-18T17:03:07.661Z", "dateUpdated": "2023-04-18T17:03:07.661Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Merten INSTABUS Tastermodul 1fach System M 625199", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Program Version 1.0"}]}, {"defaultStatus": "unaffected", "product": "Merten INSTABUS Tastermodul 2fach System M 625299", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Program Version 1.0"}]}, {"defaultStatus": "unaffected", "product": "Merten Tasterschnittstelle 4fach plus 670804", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Program Version 1.0"}, {"status": "affected", "version": "Program Version 1.2"}]}, {"defaultStatus": "unaffected", "product": "Merten KNX ARGUS 180/2,20M UP SYSTEM 631725", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Program Version 1.0"}]}, {"defaultStatus": "unaffected", "product": "Merten Jalousie-/Schaltaktor REG-K/8x/16x/10 m. HB 649908", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Program Version 1.0"}]}, {"defaultStatus": "unaffected", "product": "Merten KNX Uni-Dimmaktor LL REG-K/2x230/300 W MEG6710-0002", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Program Version 1.0"}, {"status": "affected", "version": "Program Version 1.1"}]}, {"defaultStatus": "unaffected", "product": "Merten KNX Schaltakt.2x6A UP m.2 Eing. MEG6003-0002", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Program Version 0.1"}]}], "datePublic": "2023-02-14T08:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nA CWE-287: Improper Authentication vulnerability exists that could allow a device to be\ncompromised when a key of less than seven digits is entered and the attacker has access to the\nKNX installation.\n\n"}], "value": "\nA CWE-287: Improper Authentication vulnerability exists that could allow a device to be\ncompromised when a key of less than seven digits is entered and the attacker has access to the\nKNX installation.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2023-04-18T17:03:07.661Z"}, "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:merten_instabus_tastermodul_1fach_system_m_firmware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "07A53874-254C-4CA0-9CA8-387094723B4A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:merten_instabus_tastermodul_1fach_system_m:-:*:*:*:*:*:*:*", "matchCriteriaId": "29918B0B-9089-46B0-B86E-B78BFB5F0DB6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:merten_instabus_tastermodul_2fach_system_m_firmware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "10E0A138-4F3A-434D-B52D-5EE91CD7E2EA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:merten_instabus_tastermodul_2fach_system_m:-:*:*:*:*:*:*:*", "matchCriteriaId": "D4676AD5-F82E-42C0-B6A2-3D57F075C532", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:merten_tasterschnittstelle_4fach_plus_firmware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F7B565DF-3403-45E2-8C12-010DAFDA308E", "vulnerable": true}, {"criteria": "cpe:2.3:o:schneider-electric:merten_tasterschnittstelle_4fach_plus_firmware:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "5CA73BB4-92DA-49BF-89D6-B037EF16F963", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:merten_tasterschnittstelle_4fach_plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "46DEB9E7-1212-4BCA-8C23-72B2F45A97BF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:merten_knx_argus_180\\/2\\,20m_up_system_firmware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F9D64205-D9F0-4199-8BEF-68979E7DB147", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:merten_knx_argus_180\\/2\\,20m_up_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "559DECE9-5779-40B5-AF91-C97B3731AF73", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:merten_jalousie-\\/schaltaktor_reg-k\\/8x\\/16x\\/10_m._hb_firmware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "65F4A4D6-B1EF-41DC-B392-8BE542F473A2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:merten_jalousie-\\/schaltaktor_reg-k\\/8x\\/16x\\/10_m._hb:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FAF80D9-ED66-4D7A-8E1F-80D096B95DC6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\\/2x230\\/300_w_firmware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F7709BD4-99D8-4155-8EDE-62D4E58096FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\\/2x230\\/300_w_firmware:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A79222B6-2823-40D8-9A4B-52140789C7F6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\\/2x230\\/300_w:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC7716A5-1CF8-4B90-952F-64E1B160BB2C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:merten_knx_schaltakt.2x6a_up_m.2_eing._firmware:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "501E6F54-418C-46A1-997B-CE3AAEBF0D2F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:merten_knx_schaltakt.2x6a_up_m.2_eing.:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B2F19DC-9F7A-431D-B0F9-559A9D49F53B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\nA CWE-287: Improper Authentication vulnerability exists that could allow a device to be\ncompromised when a key of less than seven digits is entered and the attacker has access to the\nKNX installation.\n\n"}], "id": "CVE-2023-25556", "lastModified": "2023-04-28T13:36:55.870", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "cybersecurity@se.com", "type": "Secondary"}]}, "published": "2023-04-18T18:15:07.357", "references": [{"source": "cybersecurity@se.com", "tags": ["Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "cybersecurity@se.com", "type": "Primary"}]}

{}