CVE-2023-43775

Summary

Denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows

attacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause the SMP device to restart in Safe Mode or Max Safe Mode. When in Max Safe Mode, the product is not vulnerable anymore.

Affected Software

VendorProductVersion RangeStatus
EatonSMP SG-42608.0 < 8.0R9affected
EatonSMP SG-42608.1 < 8.1R5affected
EatonSMP SG-42608.2 < 8.2R4affected
EatonSMP SG-42507.0affected
EatonSMP SG-42507.1affected
EatonSMP SG-42507.2affected
EatonSMP SG-42508.0 < 8.0R9affected
EatonSMP SG-42508.1 < 8.1R5affected
EatonSMP SG-42508.2 < 8.2R4affected
EatonSMP 4/DP6.3affected
EatonSMP 4/DP7.0affected
EatonSMP 4/DP7.1affected
EatonSMP 4/DP7.2affected
EatonSMP 4/DP8.0 < 8.0R9affected
EatonSMP 4/DP8.1 < 8.1R5affected
EatonSMP 4/DP8.2 < 8.2R4affected
EatonSMP 166.3affected
EatonSMP 167.0affected
EatonSMP 167.1affected
EatonSMP 167.2affected
EatonSMP 168.0 < 8.0R9affected

Weaknesses

  • CWE-400: CWE-400: Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References