Skip to main content

Tburjr900 CVE-2013-2782

CRITICAL
Cryptographic Issues (CWE-310)
2013-08-28 ics-cert@hq.dhs.gov
9.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
AV:N/AC:M/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:C/I:C/A:C
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Aug 28, 2013 - 13:09 cve.org
CRITICAL 9.3

DescriptionCVE.org

Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

AnalysisAI

Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-310. Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. Affected products include: Schneider-Electric Tburjr900, Schneider-Electric Tburjr900 Firmware. Version information: through 3.6.3.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2013-2782 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy