CVE-2023-25556

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A CWE-287: Improper Authentication vulnerability exists that could allow a device to be
compromised when a key of less than seven digits is entered and the attacker has access to the
KNX installation.

*Credits: N/A

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-02-07 CVE Reserved
2023-04-18 CVE Published
2024-08-02 CVE Updated
2024-11-08 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf	2023-04-28

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Schneider-electric Search vendor "Schneider-electric"	Merten Instabus Tastermodul 1fach System M Firmware Search vendor "Schneider-electric" for product "Merten Instabus Tastermodul 1fach System M Firmware"	1.0 Search vendor "Schneider-electric" for product "Merten Instabus Tastermodul 1fach System M Firmware" and version "1.0"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Merten Instabus Tastermodul 1fach System M Search vendor "Schneider-electric" for product "Merten Instabus Tastermodul 1fach System M"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Merten Instabus Tastermodul 2fach System M Firmware Search vendor "Schneider-electric" for product "Merten Instabus Tastermodul 2fach System M Firmware"	1.0 Search vendor "Schneider-electric" for product "Merten Instabus Tastermodul 2fach System M Firmware" and version "1.0"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Merten Instabus Tastermodul 2fach System M Search vendor "Schneider-electric" for product "Merten Instabus Tastermodul 2fach System M"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Merten Tasterschnittstelle 4fach Plus Firmware Search vendor "Schneider-electric" for product "Merten Tasterschnittstelle 4fach Plus Firmware"	1.0 Search vendor "Schneider-electric" for product "Merten Tasterschnittstelle 4fach Plus Firmware" and version "1.0"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Merten Tasterschnittstelle 4fach Plus Search vendor "Schneider-electric" for product "Merten Tasterschnittstelle 4fach Plus"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Merten Tasterschnittstelle 4fach Plus Firmware Search vendor "Schneider-electric" for product "Merten Tasterschnittstelle 4fach Plus Firmware"	1.2 Search vendor "Schneider-electric" for product "Merten Tasterschnittstelle 4fach Plus Firmware" and version "1.2"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Merten Tasterschnittstelle 4fach Plus Search vendor "Schneider-electric" for product "Merten Tasterschnittstelle 4fach Plus"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Merten Knx Argus 180\/2\,20m Up System Firmware Search vendor "Schneider-electric" for product "Merten Knx Argus 180\/2\,20m Up System Firmware"	1.0 Search vendor "Schneider-electric" for product "Merten Knx Argus 180\/2\,20m Up System Firmware" and version "1.0"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Merten Knx Argus 180\/2\,20m Up System Search vendor "Schneider-electric" for product "Merten Knx Argus 180\/2\,20m Up System"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Merten Jalousie-\/schaltaktor Reg-k\/8x\/16x\/10 M. Hb Firmware Search vendor "Schneider-electric" for product "Merten Jalousie-\/schaltaktor Reg-k\/8x\/16x\/10 M. Hb Firmware"	1.0 Search vendor "Schneider-electric" for product "Merten Jalousie-\/schaltaktor Reg-k\/8x\/16x\/10 M. Hb Firmware" and version "1.0"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Merten Jalousie-\/schaltaktor Reg-k\/8x\/16x\/10 M. Hb Search vendor "Schneider-electric" for product "Merten Jalousie-\/schaltaktor Reg-k\/8x\/16x\/10 M. Hb"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Merten Knx Uni-dimmaktor Ll Reg-k\/2x230\/300 W Firmware Search vendor "Schneider-electric" for product "Merten Knx Uni-dimmaktor Ll Reg-k\/2x230\/300 W Firmware"	1.0 Search vendor "Schneider-electric" for product "Merten Knx Uni-dimmaktor Ll Reg-k\/2x230\/300 W Firmware" and version "1.0"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Merten Knx Uni-dimmaktor Ll Reg-k\/2x230\/300 W Search vendor "Schneider-electric" for product "Merten Knx Uni-dimmaktor Ll Reg-k\/2x230\/300 W"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Merten Knx Uni-dimmaktor Ll Reg-k\/2x230\/300 W Firmware Search vendor "Schneider-electric" for product "Merten Knx Uni-dimmaktor Ll Reg-k\/2x230\/300 W Firmware"	1.1 Search vendor "Schneider-electric" for product "Merten Knx Uni-dimmaktor Ll Reg-k\/2x230\/300 W Firmware" and version "1.1"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Merten Knx Uni-dimmaktor Ll Reg-k\/2x230\/300 W Search vendor "Schneider-electric" for product "Merten Knx Uni-dimmaktor Ll Reg-k\/2x230\/300 W"	-	-	Safe
Schneider-electric Search vendor "Schneider-electric"	Merten Knx Schaltakt.2x6a Up M.2 Eing. Firmware Search vendor "Schneider-electric" for product "Merten Knx Schaltakt.2x6a Up M.2 Eing. Firmware"	0.1 Search vendor "Schneider-electric" for product "Merten Knx Schaltakt.2x6a Up M.2 Eing. Firmware" and version "0.1"	-	Affected	in	Schneider-electric Search vendor "Schneider-electric"	Merten Knx Schaltakt.2x6a Up M.2 Eing. Search vendor "Schneider-electric" for product "Merten Knx Schaltakt.2x6a Up M.2 Eing."	-	-	Safe