CVE-2023-25556
HIGHCVSS 8.8/10EPSS 0.36%
Last modified
CVE-2023-25556 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation. . EPSS estimates a 0.36% chance of exploitation in the next 30 days.
Description
A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation.
Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Merten Instabus Tastermodul 1fach System M Firmware | 1.0 |
| Schneider-Electric | Merten Instabus Tastermodul 2fach System M Firmware | 1.0 |
| Schneider-Electric | Merten Tasterschnittstelle 4fach Plus Firmware | 1.0 |
| Schneider-Electric | Merten Tasterschnittstelle 4fach Plus Firmware | 1.2 |
| Schneider-Electric | Merten Knx Argus 180\/2\,20m Up System Firmware | 1.0 |
| Schneider-Electric | Merten Jalousie-\/Schaltaktor Reg-K\/8x\/16x\/10 M. Hb Firmware | 1.0 |
| Schneider-Electric | Merten Knx Uni-Dimmaktor Ll Reg-K\/2x230\/300 W Firmware | 1.0 |
| Schneider-Electric | Merten Knx Uni-Dimmaktor Ll Reg-K\/2x230\/300 W Firmware | 1.1 |
| Schneider-Electric | Merten Knx Schaltakt.2x6a Up M.2 Eing. Firmware | 0.1 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-25556?
A CWE-287: Improper Authentication vulnerability exists that could allow a device to be
compromised when a key of less than seven digits is entered and the attacker has access to the
KNX installation.
How severe is CVE-2023-25556?
CVE-2023-25556 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 0.36% probability of exploitation in the next 30 days.
How do I fix CVE-2023-25556?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2023-25556?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST