CVE-2024-4009

Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows an attacker to capture/replay KNX telegrams to the local KNX Bus-System.
Configurations

Configuration 1

AND
cpe:2.3:o:abb:2tma310010b0001_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:2tma310010b0001:-:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:abb:2tma310011b0001_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:2tma310011b0001:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:abb:2tma310011b0002_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:2tma310011b0002:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:abb:2tma310010b0003_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:2tma310010b0003:-:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:abb:2tma310011b0003_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:2tma310011b0003:-:*:*:*:*:*:*:*

History

18 Jun 2024, 17:01

Type Values Removed Values Added
First Time Abb 2tma310010b0001 Firmware
Abb 2tma310010b0003
Abb 2tma310010b0003 Firmware
Abb 2tma310011b0002
Abb 2tma310011b0001 Firmware
Abb 2tma310011b0001
Abb
Abb 2tma310010b0001
Abb 2tma310011b0003
Abb 2tma310011b0003 Firmware
Abb 2tma310011b0002 Firmware
CWE CWE-294
CVSS Removed: v2 : unknown, v3 : 9.2
Added: v2 : unknown, v3 : 7.8
CPE cpe:2.3:h:abb:2tma310010b0001:-:*:*:*:*:*:*:*
cpe:2.3:h:abb:2tma310011b0003:-:*:*:*:*:*:*:*
cpe:2.3:o:abb:2tma310010b0003_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:abb:2tma310011b0001_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:2tma310010b0003:-:*:*:*:*:*:*:*
cpe:2.3:o:abb:2tma310010b0001_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:2tma310011b0001:-:*:*:*:*:*:*:*
cpe:2.3:h:abb:2tma310011b0002:-:*:*:*:*:*:*:*
cpe:2.3:o:abb:2tma310011b0002_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:abb:2tma310011b0003_firmware:*:*:*:*:*:*:*:*
References Removed: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803&LanguageCode=en&DocumentPartId=&Action=Launch
Added: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803&LanguageCode=en&DocumentPartId=&Action=Launch - Vendor Advisory

06 Jun 2024, 14:17

Type Values Removed Values Added
Summary
  • (es) Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows the attacker to capture/replay KNX telegrams to the local KNX bus system

05 Jun 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-05 18:15

Updated : 2024-06-18 17:01


NVD link : CVE-2024-4009

Mitre link : CVE-2024-4009

CVE.ORG link : CVE-2024-4009



Products Affected

abb

  • 2tma310010b0001_firmware
  • 2tma310011b0002
  • 2tma310011b0003
  • 2tma310011b0001_firmware
  • 2tma310010b0001
  • 2tma310010b0003_firmware
  • 2tma310011b0002_firmware
  • 2tma310011b0001
  • 2tma310011b0003_firmware
  • 2tma310010b0003
CWE
CWE-294

Authentication Bypass by Capture-replay