Vulnerability Description
Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Tburjr900 | 00002dh0 |
| Schneider-Electric | Tburjr900 Firmware | 3.6.0 |
Related Weaknesses (CWE)
References
- http://ics-cert.us-cert.gov/advisories/ICSA-13-234-01US Government Resource
- http://www.schneider-electric.com/download/ww/en/file/141141292-SEVD-2013-143-01Vendor Advisory
- http://ics-cert.us-cert.gov/advisories/ICSA-13-234-01US Government Resource
- http://www.schneider-electric.com/download/ww/en/file/141141292-SEVD-2013-143-01Vendor Advisory
FAQ
What is CVE-2013-2782?
CVE-2013-2782 is a vulnerability with a CVSS score of 9.3 (HIGH). Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for rem...
How severe is CVE-2013-2782?
CVE-2013-2782 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2782?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Tburjr900, Schneider-Electric Tburjr900 Firmware.