CVE-2018-19023

Summary

Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state.

Affected Software

VendorProductVersion RangeStatus
HetronicHetronic Nova-MAll versions prior to version r161affected

Weaknesses

  • CWE-294: AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294

ADP Enrichment

CVE Program Container

Additional References

References