Описание
Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
Ссылки
- US Government Resource
- Vendor Advisory
- US Government Resource
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:h:schneider-electric:tburjr900:00002dh0:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:tburjr900:00002eh0:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:tburjr900:01002dh0:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:tburjr900:01002eh0:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:tburjr900:05002dh0:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:tburjr900:05002eh0:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:tburjr900:06002dh0:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:tburjr900:06002eh0:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.0:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.1:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.2:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.3:*:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.00252
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-310
Связанные уязвимости
github
больше 3 лет назад
Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
EPSS
Процентиль: 48%
0.00252
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-310