CVE-2023-25556

Description

A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation.

References

Link	Tags
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2023-25556?: CVE-2023-25556 has been scored as a high severity vulnerability.
How to fix CVE-2023-25556?: To fix CVE-2023-25556, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-25556 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-25556 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-25556?: CVE-2023-25556 affects Schneider Electric Merten INSTABUS Tastermodul 1fach System M 625199, Schneider Electric Merten INSTABUS Tastermodul 2fach System M 625299, Schneider Electric Merten Tasterschnittstelle 4fach plus 670804, Schneider Electric Merten KNX ARGUS 180/2,20M UP SYSTEM 631725, Schneider Electric Merten Jalousie-/Schaltaktor REG-K/8x/16x/10 m. HB 649908, Schneider Electric Merten KNX Uni-Dimmaktor LL REG-K/2x230/300 W MEG6710-0002, Schneider Electric Merten KNX Schaltakt.2x6A UP m.2 Eing. MEG6003-0002.

Description

Category

CWE-287 – Improper Authentication

References

Frequently Asked Questions