CVE-2013-2782

{"id": "CVE-2013-2782", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-08-28T13:09:15.230", "references": [{"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-01", "tags": ["US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.schneider-electric.com/download/ww/en/file/141141292-SEVD-2013-143-01.pdf", "tags": ["Vendor Advisory"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation."}, {"lang": "es", "value": "Schneider Electric Trio J-Series License Free Ethernet Radio con firmware v3.6.0 hasta v3.6.3 utiliza la misma clave de cifrado AES en las distintas instalaciones de los clientes, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos saltarse los mecanismos de protecci\u00f3n de cifrado, mediante el aprovechamiento de los conocimientos de esta clave a partir de otra instalaci\u00f3n."}], "lastModified": "2013-08-29T13:04:39.127", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:tburjr900:00002dh0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3689A9D3-40FB-4135-A9D3-DFC7AFE7B10B"}, {"criteria": "cpe:2.3:h:schneider-electric:tburjr900:00002eh0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A92E024D-02C0-4B76-8352-ED5357DE34CA"}, {"criteria": "cpe:2.3:h:schneider-electric:tburjr900:01002dh0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "816CA3DE-9453-4D60-886B-2BFED178B81B"}, {"criteria": "cpe:2.3:h:schneider-electric:tburjr900:01002eh0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BF82506-8036-4928-9C88-F1DB3B7CCD74"}, {"criteria": "cpe:2.3:h:schneider-electric:tburjr900:05002dh0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61D7AD31-432E-48AE-A0FB-C6868164A461"}, {"criteria": "cpe:2.3:h:schneider-electric:tburjr900:05002eh0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07890C35-BB97-416E-A451-9AE2B35FA83A"}, {"criteria": "cpe:2.3:h:schneider-electric:tburjr900:06002dh0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DB839C6-C3D3-4C61-BC6B-F550AF152965"}, {"criteria": "cpe:2.3:h:schneider-electric:tburjr900:06002eh0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "580C28C8-0136-4F1F-8768-DF4C2F2A0500"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29917F5D-651B-40C5-B5F7-0170B90389FA"}, {"criteria": "cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "483A3AE5-8421-47CB-8CB8-689D594EDE11"}, {"criteria": "cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B1C8EB0-8562-44B0-9BAE-891089695AE8"}, {"criteria": "cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73E32FDE-9828-4E29-B0C0-BB1899A3296A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}