CVE-2023-43775

MEDIUM | CVSS 5.3/10 | EPSS 0.67%

CVE-2023-43775 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. A denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows an attacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause the SMP device to restart in Safe Mode or Max Safe Mode. EPSS estimates a 0.67% chance of exploitation in the next 30 days.

Description

A denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows an attacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause the SMP device to restart in Safe Mode or Max Safe Mode. Once in Max Safe Mode, the product is no longer vulnerable.

Metrics

CVSS 3.1
5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Probability
0.67%

47.1th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Eaton | Smp Sg-4260 Firmware | >= 8.0, < 8.0r9
Eaton | Smp Sg-4260 Firmware | >= 8.1, < 8.1r5
Eaton | Smp Sg-4260 Firmware | >= 8.2, < 8.2r4
Eaton | Smp Sg-4250 Firmware | >= 8.0, < 8.0r9
Eaton | Smp Sg-4250 Firmware | >= 8.1, < 8.1r5
Eaton | Smp Sg-4250 Firmware | >= 8.2, < 8.2r4
Eaton | Smp Sg-4250 Firmware | 7.0
Eaton | Smp Sg-4250 Firmware | 7.1
Eaton | Smp Sg-4250 Firmware | 7.2
Eaton | Smp 4/Dp Firmware | >= 8.0, < 8.0r9
Eaton | Smp 4/Dp Firmware | >= 8.1, < 8.1r5
Eaton | Smp 4/Dp Firmware | >= 8.2, < 8.2r4
Eaton | Smp 4/Dp Firmware | 6.3
Eaton | Smp 4/Dp Firmware | 7.0
Eaton | Smp 4/Dp Firmware | 7.1
Eaton | Smp 4/Dp Firmware | 7.2
Eaton | Smp 16 Firmware | >= 8.0, < 8.0r9
Eaton | Smp 16 Firmware | 6.3
Eaton | Smp 16 Firmware | 7.0
Eaton | Smp 16 Firmware | 7.1
Eaton | Smp 16 Firmware | 7.2

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2023-43775?
A denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows an attacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause the SMP device to restart in Safe Mode or Max Safe Mode. Once in Max Safe Mode, the product is no longer vulnerable.
How severe is CVE-2023-43775?
CVE-2023-43775 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 0.67% probability of exploitation in the next 30 days.
How do I fix CVE-2023-43775?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST