CVE-2013-2782

Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://ics-cert.us-cert.gov/advisories/ICSA-13-234-01	US Government Resource
http://www.schneider-electric.com/download/ww/en/file/141141292-SEVD-2013-143-01.pdf	Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:h:schneider-electric:tburjr900:01002dh0:::::::*
	cpe:2.3:h:schneider-electric:tburjr900:05002dh0:::::::*
	cpe:2.3:h:schneider-electric:tburjr900:06002dh0:::::::*
	cpe:2.3:h:schneider-electric:tburjr900:00002eh0:::::::*
	cpe:2.3:h:schneider-electric:tburjr900:00002dh0:::::::*
	cpe:2.3:h:schneider-electric:tburjr900:01002eh0:::::::*
	cpe:2.3:h:schneider-electric:tburjr900:06002eh0:::::::*
	cpe:2.3:h:schneider-electric:tburjr900:05002eh0:::::::*

OR	cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.0:::::::*
	cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.1:::::::*
	cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.2:::::::*
	cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.3:::::::*

Information

Published : 2013-08-28 06:09

Updated : 2013-08-29 06:04

NVD link : CVE-2013-2782

Mitre link : CVE-2013-2782

JSON object : View

CWE

CWE-310

Cryptographic Issues

Advertisement

Products Affected

schneider-electric

tburjr900_firmware
tburjr900

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-01", "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-01", "tags": ["US Government Resource"], "refsource": "MISC"}, {"url": "http://www.schneider-electric.com/download/ww/en/file/141141292-SEVD-2013-143-01.pdf", "name": "http://www.schneider-electric.com/download/ww/en/file/141141292-SEVD-2013-143-01.pdf", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-310"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-2782", "ASSIGNER": "ics-cert@hq.dhs.gov"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-08-28T13:09Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:schneider-electric:tburjr900:01002dh0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:tburjr900:05002dh0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:tburjr900:06002dh0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:tburjr900:00002eh0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:tburjr900:00002dh0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:tburjr900:01002eh0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:tburjr900:06002eh0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:tburjr900:05002eh0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2013-08-29T13:04Z"}