CVE-2013-2782 - OpenCVE

Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Schneider-electric	Tburjr900 Tburjr900 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:h:schneider-electric:tburjr900:00002dh0:::::::*
	cpe:2.3:h:schneider-electric:tburjr900:00002eh0:::::::*
	cpe:2.3:h:schneider-electric:tburjr900:01002dh0:::::::*
	cpe:2.3:h:schneider-electric:tburjr900:01002eh0:::::::*
	cpe:2.3:h:schneider-electric:tburjr900:05002dh0:::::::*
	cpe:2.3:h:schneider-electric:tburjr900:05002eh0:::::::*
	cpe:2.3:h:schneider-electric:tburjr900:06002dh0:::::::*
	cpe:2.3:h:schneider-electric:tburjr900:06002eh0:::::::*

OR	cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.0:::::::*
	cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.1:::::::*
	cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.2:::::::*
	cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.3:::::::*

No data.

References

Link	Providers
http://ics-cert.us-cert.gov/advisories/ICSA-13-234-01
http://www.schneider-electric.com/download/ww/en/file/141141292-SEVD-2013-143-01.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2013-08-28T01:00:00Z

Updated: 2024-09-16T16:22:35.646Z

Reserved: 2013-04-11T00:00:00Z

Link: CVE-2013-2782

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2013-08-28T13:09:15.230

Modified: 2013-08-29T13:04:39.127

Link: CVE-2013-2782

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-08-28T01:00:00Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-01"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.schneider-electric.com/download/ww/en/file/141141292-SEVD-2013-143-01.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2013-2782", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-01"}, {"name": "http://www.schneider-electric.com/download/ww/en/file/141141292-SEVD-2013-143-01.pdf", "refsource": "CONFIRM", "url": "http://www.schneider-electric.com/download/ww/en/file/141141292-SEVD-2013-143-01.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:44:33.682Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-01"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.schneider-electric.com/download/ww/en/file/141141292-SEVD-2013-143-01.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2013-2782", "datePublished": "2013-08-28T01:00:00Z", "dateReserved": "2013-04-11T00:00:00Z", "dateUpdated": "2024-09-16T16:22:35.646Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:tburjr900:00002dh0:*:*:*:*:*:*:*", "matchCriteriaId": "3689A9D3-40FB-4135-A9D3-DFC7AFE7B10B", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:tburjr900:00002eh0:*:*:*:*:*:*:*", "matchCriteriaId": "A92E024D-02C0-4B76-8352-ED5357DE34CA", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:tburjr900:01002dh0:*:*:*:*:*:*:*", "matchCriteriaId": "816CA3DE-9453-4D60-886B-2BFED178B81B", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:tburjr900:01002eh0:*:*:*:*:*:*:*", "matchCriteriaId": "9BF82506-8036-4928-9C88-F1DB3B7CCD74", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:tburjr900:05002dh0:*:*:*:*:*:*:*", "matchCriteriaId": "61D7AD31-432E-48AE-A0FB-C6868164A461", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:tburjr900:05002eh0:*:*:*:*:*:*:*", "matchCriteriaId": "07890C35-BB97-416E-A451-9AE2B35FA83A", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:tburjr900:06002dh0:*:*:*:*:*:*:*", "matchCriteriaId": "5DB839C6-C3D3-4C61-BC6B-F550AF152965", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:tburjr900:06002eh0:*:*:*:*:*:*:*", "matchCriteriaId": "580C28C8-0136-4F1F-8768-DF4C2F2A0500", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "29917F5D-651B-40C5-B5F7-0170B90389FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "483A3AE5-8421-47CB-8CB8-689D594EDE11", "vulnerable": true}, {"criteria": "cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "4B1C8EB0-8562-44B0-9BAE-891089695AE8", "vulnerable": true}, {"criteria": "cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "73E32FDE-9828-4E29-B0C0-BB1899A3296A", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation."}, {"lang": "es", "value": "Schneider Electric Trio J-Series License Free Ethernet Radio con firmware v3.6.0 hasta v3.6.3 utiliza la misma clave de cifrado AES en las distintas instalaciones de los clientes, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos saltarse los mecanismos de protecci\u00f3n de cifrado, mediante el aprovechamiento de los conocimientos de esta clave a partir de otra instalaci\u00f3n."}], "id": "CVE-2013-2782", "lastModified": "2013-08-29T13:04:39.127", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-08-28T13:09:15.230", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["US Government Resource"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-01"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Vendor Advisory"], "url": "http://www.schneider-electric.com/download/ww/en/file/141141292-SEVD-2013-143-01.pdf"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}