1. Home
  2. CVE Database
  3. CVE-2023-25556
HIGH · 8.3

CVE-2023-25556

A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation...

Vulnerability Description

A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation.

CVSS Score

8.3

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
Schneider-ElectricMerten Instabus Tastermodul 1Fach System M Firmware1.0
Schneider-ElectricMerten Instabus Tastermodul 1Fach System M-
Schneider-ElectricMerten Instabus Tastermodul 2Fach System M Firmware1.0
Schneider-ElectricMerten Instabus Tastermodul 2Fach System M-
Schneider-ElectricMerten Tasterschnittstelle 4Fach Plus Firmware1.0
Schneider-ElectricMerten Tasterschnittstelle 4Fach Plus-
Schneider-ElectricMerten Knx Argus 180\/2\,20M Up System Firmware1.0
Schneider-ElectricMerten Knx Argus 180\/2\,20M Up System-
Schneider-ElectricMerten Jalousie-\/Schaltaktor Reg-K\/8X\/16X\/10 M. Hb Firmware1.0
Schneider-ElectricMerten Jalousie-\/Schaltaktor Reg-K\/8X\/16X\/10 M. Hb-
Schneider-ElectricMerten Knx Uni-Dimmaktor Ll Reg-K\/2X230\/300 W Firmware1.0
Schneider-ElectricMerten Knx Uni-Dimmaktor Ll Reg-K\/2X230\/300 W-
Schneider-ElectricMerten Knx Schaltakt.2X6A Up M.2 Eing. Firmware0.1
Schneider-ElectricMerten Knx Schaltakt.2X6A Up M.2 Eing.-

Related Weaknesses (CWE)

CWE-287

References

FAQ

What is CVE-2023-25556?

CVE-2023-25556 is a vulnerability with a CVSS score of 8.3 (HIGH). A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation...

How severe is CVE-2023-25556?

CVE-2023-25556 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-25556?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Merten Instabus Tastermodul 1Fach System M Firmware, Schneider-Electric Merten Instabus Tastermodul 1Fach System M, Schneider-Electric Merten Instabus Tastermodul 2Fach System M Firmware, Schneider-Electric Merten Instabus Tastermodul 2Fach System M, Schneider-Electric Merten Tasterschnittstelle 4Fach Plus Firmware.