CVE-2023-25556

Summary

A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricMerten INSTABUS Tastermodul 1fach System M 625199Program Version 1.0affected
Schneider ElectricMerten INSTABUS Tastermodul 2fach System M 625299Program Version 1.0affected
Schneider ElectricMerten Tasterschnittstelle 4fach plus 670804Program Version 1.0affected
Schneider ElectricMerten Tasterschnittstelle 4fach plus 670804Program Version 1.2affected
Schneider ElectricMerten KNX ARGUS 180/2,20M UP SYSTEM 631725Program Version 1.0affected
Schneider ElectricMerten Jalousie-/Schaltaktor REG-K/8x/16x/10 m. HB 649908Program Version 1.0affected
Schneider ElectricMerten KNX Uni-Dimmaktor LL REG-K/2x230/300 W MEG6710-0002Program Version 1.0affected
Schneider ElectricMerten KNX Uni-Dimmaktor LL REG-K/2x230/300 W MEG6710-0002Program Version 1.1affected
Schneider ElectricMerten KNX Schaltakt.2x6A UP m.2 Eing. MEG6003-0002Program Version 0.1affected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References