Vulnerability Description
Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hetronic | Nova-M Firmware | < r161 |
| Hetronic | Nova-M | - |
| Hetronic | Es-Can-Hl Firmware | < main_r1864 |
| Hetronic | Es-Can-Hl | - |
| Hetronic | Bms-Hl Firmware | < main_r1175 |
| Hetronic | Bms-Hl | - |
| Hetronic | Mlc Firmware | < main_r1600 |
| Hetronic | Mlc | - |
| Hetronic | Dc Mobile Firmware | < main_r515 |
| Hetronic | Dc Mobile | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106448Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-19-003-03Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/106448Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-19-003-03Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-19023?
CVE-2018-19023 is a vulnerability with a CVSS score of 8.8 (HIGH). Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or kee...
How severe is CVE-2018-19023?
CVE-2018-19023 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-19023?
Check the references section above for vendor advisories and patch information. Affected products include: Hetronic Nova-M Firmware, Hetronic Nova-M, Hetronic Es-Can-Hl Firmware, Hetronic Es-Can-Hl, Hetronic Bms-Hl Firmware.