Vulnerability Details CVE-2018-19023
Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 5.8
References
Products affected by CVE-2018-19023
-
cpe:2.3:h:hetronic:bms-hl:-
-
cpe:2.3:h:hetronic:dc_mobile:-
-
cpe:2.3:h:hetronic:es-can-hl:-
-
cpe:2.3:h:hetronic:mlc:-
-
cpe:2.3:h:hetronic:nova-m:-
-
cpe:2.3:o:hetronic:bms-hl_firmware:*
-
cpe:2.3:o:hetronic:dc_mobile_firmware:*
-
cpe:2.3:o:hetronic:es-can-hl_firmware:*
-
cpe:2.3:o:hetronic:mlc_firmware:*
-
cpe:2.3:o:hetronic:nova-m_firmware:*