CVE-2023-25556 - Vulnerability Details

Vendors	Products
Schneider-electric	Merten Instabus Tastermodul 1fach System M Merten Instabus Tastermodul 1fach System M Firmware Merten Instabus Tastermodul 2fach System M Merten Instabus Tastermodul 2fach System M Firmware Merten Jalousie-\/schaltaktor Reg-k\/8x\/16x\/10 M. Hb Merten Jalousie-\/schaltaktor Reg-k\/8x\/16x\/10 M. Hb Firmware Merten Knx Argus 180\/2\,20m Up System Merten Knx Argus 180\/2\,20m Up System Firmware Merten Knx Schaltakt.2x6a Up M.2 Eing. Merten Knx Schaltakt.2x6a Up M.2 Eing. Firmware Merten Knx Uni-dimmaktor Ll Reg-k\/2x230\/300 W Merten Knx Uni-dimmaktor Ll Reg-k\/2x230\/300 W Firmware Merten Tasterschnittstelle 4fach Plus Merten Tasterschnittstelle 4fach Plus Firmware

Link	Providers
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-25556", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "state": "PUBLISHED", "assignerShortName": "schneider", "dateReserved": "2023-02-07T17:00:03.780Z", "datePublished": "2023-04-18T17:03:07.661Z", "dateUpdated": "2025-02-05T21:15:50.417Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Merten INSTABUS Tastermodul 1fach System M 625199", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Program Version 1.0"}]}, {"defaultStatus": "unaffected", "product": "Merten INSTABUS Tastermodul 2fach System M 625299", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Program Version 1.0"}]}, {"defaultStatus": "unaffected", "product": "Merten Tasterschnittstelle 4fach plus 670804", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Program Version 1.0"}, {"status": "affected", "version": "Program Version 1.2"}]}, {"defaultStatus": "unaffected", "product": "Merten KNX ARGUS 180/2,20M UP SYSTEM 631725", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Program Version 1.0"}]}, {"defaultStatus": "unaffected", "product": "Merten Jalousie-/Schaltaktor REG-K/8x/16x/10 m. HB 649908", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Program Version 1.0"}]}, {"defaultStatus": "unaffected", "product": "Merten KNX Uni-Dimmaktor LL REG-K/2x230/300 W MEG6710-0002", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Program Version 1.0"}, {"status": "affected", "version": "Program Version 1.1"}]}, {"defaultStatus": "unaffected", "product": "Merten KNX Schaltakt.2x6A UP m.2 Eing. MEG6003-0002", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Program Version 0.1"}]}], "datePublic": "2023-02-14T08:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nA CWE-287: Improper Authentication vulnerability exists that could allow a device to be\ncompromised when a key of less than seven digits is entered and the attacker has access to the\nKNX installation.\n\n"}], "value": "\nA CWE-287: Improper Authentication vulnerability exists that could allow a device to be\ncompromised when a key of less than seven digits is entered and the attacker has access to the\nKNX installation.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2023-04-18T17:03:07.661Z"}, "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:25:19.293Z"}, "title": "CVE Program Container", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-05T21:15:37.967798Z", "id": "CVE-2023-25556", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-05T21:15:50.417Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2023-25556 (string)

assignerOrgId : 076d1eb6-cfab-4401-b34d-6dfc2a413bdb (string)

state : PUBLISHED (string)

assignerShortName : schneider (string)

dateReserved : 2023-02-07T17:00:03.780Z (string)

datePublished : 2023-04-18T17:03:07.661Z (string)

dateUpdated : 2025-02-05T21:15:50.417Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

defaultStatus : unaffected (string)

product : Merten INSTABUS Tastermodul 1fach System M 625199 (string)

vendor : Schneider Electric (string)

versions : [ »

0 : { »

status : affected (string)

version : Program Version 1.0 (string)

}

]

}

1 : { »

defaultStatus : unaffected (string)

product : Merten INSTABUS Tastermodul 2fach System M 625299 (string)

vendor : Schneider Electric (string)

versions : [ »

0 : { »

status : affected (string)

version : Program Version 1.0 (string)

}

]

}

2 : { »

defaultStatus : unaffected (string)

product : Merten Tasterschnittstelle 4fach plus 670804 (string)

vendor : Schneider Electric (string)

versions : [ »

0 : { »

status : affected (string)

version : Program Version 1.0 (string)

}

1 : { »

status : affected (string)

version : Program Version 1.2 (string)

}

]

}

3 : { »

defaultStatus : unaffected (string)

product : Merten KNX ARGUS 180/2,20M UP SYSTEM 631725 (string)

vendor : Schneider Electric (string)

versions : [ »

0 : { »

status : affected (string)

version : Program Version 1.0 (string)

}

]

}

4 : { »

defaultStatus : unaffected (string)

product : Merten Jalousie-/Schaltaktor REG-K/8x/16x/10 m. HB 649908 (string)

vendor : Schneider Electric (string)

versions : [ »

0 : { »

status : affected (string)

version : Program Version 1.0 (string)

}

]

}

5 : { »

defaultStatus : unaffected (string)

product : Merten KNX Uni-Dimmaktor LL REG-K/2x230/300 W MEG6710-0002 (string)

vendor : Schneider Electric (string)

versions : [ »

0 : { »

status : affected (string)

version : Program Version 1.0 (string)

}

1 : { »

status : affected (string)

version : Program Version 1.1 (string)

}

]

}

6 : { »

defaultStatus : unaffected (string)

product : Merten KNX Schaltakt.2x6A UP m.2 Eing. MEG6003-0002 (string)

vendor : Schneider Electric (string)

versions : [ »

0 : { »

status : affected (string)

version : Program Version 0.1 (string)

}

]

}

]

datePublic : 2023-02-14T08:00:00.000Z (string)

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation. (string)

}

]

value : A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : ADJACENT_NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.3 (number)

baseSeverity : HIGH (string)

confidentialityImpact : LOW (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H (string)

version : 3.1 (string)

}

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-287 (string)

description : CWE-287 Improper Authentication (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

orgId : 076d1eb6-cfab-4401-b34d-6dfc2a413bdb (string)

shortName : schneider (string)

dateUpdated : 2023-04-18T17:03:07.661Z (string)

}

references : [ »

0 : { »

url : https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf (string)

}

]

source : { »

discovery : UNKNOWN (string)

}

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T11:25:19.293Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2025-02-05T21:15:37.967798Z (string)

id : CVE-2023-25556 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-02-05T21:15:50.417Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:25:19.293Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-25556", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-05T21:15:37.967798Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-05T21:15:43.722Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Schneider Electric", "product": "Merten INSTABUS Tastermodul 1fach System M 625199", "versions": [{"status": "affected", "version": "Program Version 1.0"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Merten INSTABUS Tastermodul 2fach System M 625299", "versions": [{"status": "affected", "version": "Program Version 1.0"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Merten Tasterschnittstelle 4fach plus 670804", "versions": [{"status": "affected", "version": "Program Version 1.0"}, {"status": "affected", "version": "Program Version 1.2"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Merten KNX ARGUS 180/2,20M UP SYSTEM 631725", "versions": [{"status": "affected", "version": "Program Version 1.0"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Merten Jalousie-/Schaltaktor REG-K/8x/16x/10 m. HB 649908", "versions": [{"status": "affected", "version": "Program Version 1.0"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Merten KNX Uni-Dimmaktor LL REG-K/2x230/300 W MEG6710-0002", "versions": [{"status": "affected", "version": "Program Version 1.0"}, {"status": "affected", "version": "Program Version 1.1"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Merten KNX Schaltakt.2x6A UP m.2 Eing. MEG6003-0002", "versions": [{"status": "affected", "version": "Program Version 0.1"}], "defaultStatus": "unaffected"}], "datePublic": "2023-02-14T08:00:00.000Z", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nA CWE-287: Improper Authentication vulnerability exists that could allow a device to be\ncompromised when a key of less than seven digits is entered and the attacker has access to the\nKNX installation.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\nA CWE-287: Improper Authentication vulnerability exists that could allow a device to be\ncompromised when a key of less than seven digits is entered and the attacker has access to the\nKNX installation.\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287 Improper Authentication"}]}], "providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2023-04-18T17:03:07.661Z"}}}, "cveMetadata": {"cveId": "CVE-2023-25556", "state": "PUBLISHED", "dateUpdated": "2025-02-05T21:15:50.417Z", "dateReserved": "2023-02-07T17:00:03.780Z", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "datePublished": "2023-04-18T17:03:07.661Z", "assignerShortName": "schneider"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T11:25:19.293Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-25556 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2025-02-05T21:15:37.967798Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-02-05T21:15:43.722Z (string)

}

]

cna : { »

source : { »

discovery : UNKNOWN (string)

}

metrics : [ »

0 : { »

format : CVSS (string)

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 8.3 (number)

attackVector : ADJACENT_NETWORK (string)

baseSeverity : HIGH (string)

vectorString : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H (string)

integrityImpact : HIGH (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : HIGH (string)

privilegesRequired : NONE (string)

confidentialityImpact : LOW (string)

}

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

affected : [ »

0 : { »

vendor : Schneider Electric (string)

product : Merten INSTABUS Tastermodul 1fach System M 625199 (string)

versions : [ »

0 : { »

status : affected (string)

version : Program Version 1.0 (string)

}

]

defaultStatus : unaffected (string)

}

1 : { »

vendor : Schneider Electric (string)

product : Merten INSTABUS Tastermodul 2fach System M 625299 (string)

versions : [ »

0 : { »

status : affected (string)

version : Program Version 1.0 (string)

}

]

defaultStatus : unaffected (string)

}

2 : { »

vendor : Schneider Electric (string)

product : Merten Tasterschnittstelle 4fach plus 670804 (string)

versions : [ »

0 : { »

status : affected (string)

version : Program Version 1.0 (string)

}

1 : { »

status : affected (string)

version : Program Version 1.2 (string)

}

]

defaultStatus : unaffected (string)

}

3 : { »

vendor : Schneider Electric (string)

product : Merten KNX ARGUS 180/2,20M UP SYSTEM 631725 (string)

versions : [ »

0 : { »

status : affected (string)

version : Program Version 1.0 (string)

}

]

defaultStatus : unaffected (string)

}

4 : { »

vendor : Schneider Electric (string)

product : Merten Jalousie-/Schaltaktor REG-K/8x/16x/10 m. HB 649908 (string)

versions : [ »

0 : { »

status : affected (string)

version : Program Version 1.0 (string)

}

]

defaultStatus : unaffected (string)

}

5 : { »

vendor : Schneider Electric (string)

product : Merten KNX Uni-Dimmaktor LL REG-K/2x230/300 W MEG6710-0002 (string)

versions : [ »

0 : { »

status : affected (string)

version : Program Version 1.0 (string)

}

1 : { »

status : affected (string)

version : Program Version 1.1 (string)

}

]

defaultStatus : unaffected (string)

}

6 : { »

vendor : Schneider Electric (string)

product : Merten KNX Schaltakt.2x6A UP m.2 Eing. MEG6003-0002 (string)

versions : [ »

0 : { »

status : affected (string)

version : Program Version 0.1 (string)

}

]

defaultStatus : unaffected (string)

}

]

datePublic : 2023-02-14T08:00:00.000Z (string)

references : [ »

0 : { »

url : https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf (string)

}

]

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation. (string)

supportingMedia : [ »

0 : { »

type : text/html (string)

value : A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation. (string)

base64 : false (boolean)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-287 (string)

description : CWE-287 Improper Authentication (string)

}

]

}

]

providerMetadata : { »

orgId : 076d1eb6-cfab-4401-b34d-6dfc2a413bdb (string)

shortName : schneider (string)

dateUpdated : 2023-04-18T17:03:07.661Z (string)

}

cveMetadata : { »

cveId : CVE-2023-25556 (string)

state : PUBLISHED (string)

dateUpdated : 2025-02-05T21:15:50.417Z (string)

dateReserved : 2023-02-07T17:00:03.780Z (string)

assignerOrgId : 076d1eb6-cfab-4401-b34d-6dfc2a413bdb (string)

datePublished : 2023-04-18T17:03:07.661Z (string)

assignerShortName : schneider (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:merten_instabus_tastermodul_1fach_system_m_firmware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "07A53874-254C-4CA0-9CA8-387094723B4A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:merten_instabus_tastermodul_1fach_system_m:-:*:*:*:*:*:*:*", "matchCriteriaId": "29918B0B-9089-46B0-B86E-B78BFB5F0DB6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:merten_instabus_tastermodul_2fach_system_m_firmware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "10E0A138-4F3A-434D-B52D-5EE91CD7E2EA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:merten_instabus_tastermodul_2fach_system_m:-:*:*:*:*:*:*:*", "matchCriteriaId": "D4676AD5-F82E-42C0-B6A2-3D57F075C532", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:merten_tasterschnittstelle_4fach_plus_firmware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F7B565DF-3403-45E2-8C12-010DAFDA308E", "vulnerable": true}, {"criteria": "cpe:2.3:o:schneider-electric:merten_tasterschnittstelle_4fach_plus_firmware:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "5CA73BB4-92DA-49BF-89D6-B037EF16F963", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:merten_tasterschnittstelle_4fach_plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "46DEB9E7-1212-4BCA-8C23-72B2F45A97BF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:merten_knx_argus_180\\/2\\,20m_up_system_firmware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F9D64205-D9F0-4199-8BEF-68979E7DB147", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:merten_knx_argus_180\\/2\\,20m_up_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "559DECE9-5779-40B5-AF91-C97B3731AF73", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:merten_jalousie-\\/schaltaktor_reg-k\\/8x\\/16x\\/10_m._hb_firmware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "65F4A4D6-B1EF-41DC-B392-8BE542F473A2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:merten_jalousie-\\/schaltaktor_reg-k\\/8x\\/16x\\/10_m._hb:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FAF80D9-ED66-4D7A-8E1F-80D096B95DC6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\\/2x230\\/300_w_firmware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F7709BD4-99D8-4155-8EDE-62D4E58096FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\\/2x230\\/300_w_firmware:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A79222B6-2823-40D8-9A4B-52140789C7F6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\\/2x230\\/300_w:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC7716A5-1CF8-4B90-952F-64E1B160BB2C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:merten_knx_schaltakt.2x6a_up_m.2_eing._firmware:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "501E6F54-418C-46A1-997B-CE3AAEBF0D2F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:merten_knx_schaltakt.2x6a_up_m.2_eing.:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B2F19DC-9F7A-431D-B0F9-559A9D49F53B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\nA CWE-287: Improper Authentication vulnerability exists that could allow a device to be\ncompromised when a key of less than seven digits is entered and the attacker has access to the\nKNX installation.\n\n"}], "id": "CVE-2023-25556", "lastModified": "2024-11-21T07:49:43.417", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "cybersecurity@se.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-18T18:15:07.357", "references": [{"source": "cybersecurity@se.com", "tags": ["Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "cybersecurity@se.com", "type": "Secondary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:schneider-electric:merten_instabus_tastermodul_1fach_system_m_firmware:1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 07A53874-254C-4CA0-9CA8-387094723B4A (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:schneider-electric:merten_instabus_tastermodul_1fach_system_m:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 29918B0B-9089-46B0-B86E-B78BFB5F0DB6 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:schneider-electric:merten_instabus_tastermodul_2fach_system_m_firmware:1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 10E0A138-4F3A-434D-B52D-5EE91CD7E2EA (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:schneider-electric:merten_instabus_tastermodul_2fach_system_m:-:*:*:*:*:*:*:* (string)

matchCriteriaId : D4676AD5-F82E-42C0-B6A2-3D57F075C532 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:schneider-electric:merten_tasterschnittstelle_4fach_plus_firmware:1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : F7B565DF-3403-45E2-8C12-010DAFDA308E (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:schneider-electric:merten_tasterschnittstelle_4fach_plus_firmware:1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 5CA73BB4-92DA-49BF-89D6-B037EF16F963 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:schneider-electric:merten_tasterschnittstelle_4fach_plus:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 46DEB9E7-1212-4BCA-8C23-72B2F45A97BF (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:schneider-electric:merten_knx_argus_180\/2\,20m_up_system_firmware:1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : F9D64205-D9F0-4199-8BEF-68979E7DB147 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:schneider-electric:merten_knx_argus_180\/2\,20m_up_system:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 559DECE9-5779-40B5-AF91-C97B3731AF73 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:schneider-electric:merten_jalousie-\/schaltaktor_reg-k\/8x\/16x\/10_m._hb_firmware:1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 65F4A4D6-B1EF-41DC-B392-8BE542F473A2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:schneider-electric:merten_jalousie-\/schaltaktor_reg-k\/8x\/16x\/10_m._hb:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 0FAF80D9-ED66-4D7A-8E1F-80D096B95DC6 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

5 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w_firmware:1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : F7709BD4-99D8-4155-8EDE-62D4E58096FD (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w_firmware:1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : A79222B6-2823-40D8-9A4B-52140789C7F6 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\/2x230\/300_w:-:*:*:*:*:*:*:* (string)

matchCriteriaId : DC7716A5-1CF8-4B90-952F-64E1B160BB2C (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

6 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:schneider-electric:merten_knx_schaltakt.2x6a_up_m.2_eing._firmware:0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 501E6F54-418C-46A1-997B-CE3AAEBF0D2F (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:schneider-electric:merten_knx_schaltakt.2x6a_up_m.2_eing.:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 0B2F19DC-9F7A-431D-B0F9-559A9D49F53B (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation. (string)

}

]

id : CVE-2023-25556 (string)

lastModified : 2024-11-21T07:49:43.417 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : ADJACENT_NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.3 (number)

baseSeverity : HIGH (string)

confidentialityImpact : LOW (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.5 (number)

source : cybersecurity@se.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : ADJACENT_NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2023-04-18T18:15:07.357 (string)

references : [ »

0 : { »

source : cybersecurity@se.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf (string)

}

]

sourceIdentifier : cybersecurity@se.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-287 (string)

}

]

source : cybersecurity@se.com (string)

type : Secondary (string)

}

]

}

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object