CVE-2023-25556

A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:schneider-electric:merten_instabus_tastermodul_1fach_system_m_firmware:1.0:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:merten_instabus_tastermodul_1fach_system_m:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:schneider-electric:merten_instabus_tastermodul_2fach_system_m_firmware:1.0:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:merten_instabus_tastermodul_2fach_system_m:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:schneider-electric:merten_tasterschnittstelle_4fach_plus_firmware:1.0:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:merten_tasterschnittstelle_4fach_plus_firmware:1.2:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:merten_tasterschnittstelle_4fach_plus:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:schneider-electric:merten_knx_argus_180\/2\,20m_up_system_firmware:1.0:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:merten_knx_argus_180\/2\,20m_up_system:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:schneider-electric:merten_jalousie-\/schaltaktor_reg-k\/8x\/16x\/10_m._hb_firmware:1.0:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:merten_jalousie-\/schaltaktor_reg-k\/8x\/16x\/10_m._hb:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:o:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w_firmware:1.0:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w_firmware:1.1:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:schneider-electric:merten_knx_schaltakt.2x6a_up_m.2_eing._firmware:0.1:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:merten_knx_schaltakt.2x6a_up_m.2_eing.:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-04-18 18:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-25556

Mitre link : CVE-2023-25556

CVE.ORG link : CVE-2023-25556


JSON object : View

Products Affected

schneider-electric

  • merten_instabus_tastermodul_2fach_system_m
  • merten_tasterschnittstelle_4fach_plus_firmware
  • merten_knx_schaltakt.2x6a_up_m.2_eing.
  • merten_instabus_tastermodul_1fach_system_m
  • merten_knx_argus_180\/2\,20m_up_system
  • merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w_firmware
  • merten_instabus_tastermodul_2fach_system_m_firmware
  • merten_tasterschnittstelle_4fach_plus
  • merten_knx_argus_180\/2\,20m_up_system_firmware
  • merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w
  • merten_knx_schaltakt.2x6a_up_m.2_eing._firmware
  • merten_jalousie-\/schaltaktor_reg-k\/8x\/16x\/10_m._hb
  • merten_instabus_tastermodul_1fach_system_m_firmware
  • merten_jalousie-\/schaltaktor_reg-k\/8x\/16x\/10_m._hb_firmware
CWE
CWE-287

Improper Authentication