CVE-2018-19023
Last modified
CVE-2018-19023 is a vulnerability of currently unknown severity. Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state.. EPSS estimates a 0.75% chance of exploitation in the next 30 days.
Description
Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Hetronic | Nova-M Firmware | < r161 |
| Hetronic | Es-Can-Hl Firmware | < main_r1864 |
| Hetronic | Bms-Hl Firmware | < main_r1175 |
| Hetronic | Mlc Firmware | < main_r1600 |
| Hetronic | Dc Mobile Firmware | < main_r515 |
References
- http://www.securityfocus.com/bid/106448Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-19-003-03Third Party Advisory, US Government Resource
- http://www.securityfocus.com/bid/106448Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-19-003-03Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-19023?
How severe is CVE-2018-19023?
How do I fix CVE-2018-19023?
Are you affected by CVE-2018-19023?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST