Vulnerability Details CVE-2023-25556
A CWE-287: Improper Authentication vulnerability exists that could allow a device to be
compromised when a key of less than seven digits is entered and the attacker has access to the
KNX installation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.3%
CVSS Severity
CVSS v3 Score 8.3
References
Products affected by CVE-2023-25556
-
20m_up_system:-
-
20m_up_system_firmware:1.0
-
cpe:2.3:h:schneider-electric:merten_instabus_tastermodul_1fach_system_m:-
-
cpe:2.3:h:schneider-electric:merten_instabus_tastermodul_2fach_system_m:-
-
cpe:2.3:h:schneider-electric:merten_jalousie-/schaltaktor_reg-k/8x/16x/10_m._hb:-
-
cpe:2.3:h:schneider-electric:merten_knx_argus_180/2
-
cpe:2.3:h:schneider-electric:merten_knx_schaltakt.2x6a_up_m.2_eing.:-
-
cpe:2.3:h:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k/2x230/300_w:-
-
cpe:2.3:h:schneider-electric:merten_tasterschnittstelle_4fach_plus:-
-
cpe:2.3:o:schneider-electric:merten_instabus_tastermodul_1fach_system_m_firmware:1.0
-
cpe:2.3:o:schneider-electric:merten_instabus_tastermodul_2fach_system_m_firmware:1.0
-
cpe:2.3:o:schneider-electric:merten_jalousie-/schaltaktor_reg-k/8x/16x/10_m._hb_firmware:1.0
-
cpe:2.3:o:schneider-electric:merten_knx_argus_180/2
-
cpe:2.3:o:schneider-electric:merten_knx_schaltakt.2x6a_up_m.2_eing._firmware:0.1
-
cpe:2.3:o:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k/2x230/300_w_firmware:1.0
-
cpe:2.3:o:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k/2x230/300_w_firmware:1.1
-
cpe:2.3:o:schneider-electric:merten_tasterschnittstelle_4fach_plus_firmware:1.0
-
cpe:2.3:o:schneider-electric:merten_tasterschnittstelle_4fach_plus_firmware:1.2