Vulnerabilities > CVE-2013-2782 - Cryptographic Issues vulnerability in Schneider-Electric Tburjr900 and Tburjr900 Firmware

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

schneider-electric

CWE-310

critical

NVD

Published: 2013-08-28

Updated: 2013-08-29

Summary

Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

Vulnerable Configurations

Part	Description	Count
Hardware	Schneider-Electric Schneider Electric Tburjr900 00002Dh0 Schneider Electric Tburjr900 00002Eh0 Schneider Electric Tburjr900 01002Dh0 Schneider Electric Tburjr900 01002Eh0 Schneider Electric Tburjr900 05002Dh0 Schneider Electric Tburjr900 05002Eh0 Schneider Electric Tburjr900 06002Dh0 Schneider Electric Tburjr900 06002Eh0	8
OS	Schneider-Electric Schneider Electric Tburjr900 Firmware 3.6.0 Schneider Electric Tburjr900 Firmware 3.6.1 Schneider Electric Tburjr900 Firmware 3.6.2 Schneider Electric Tburjr900 Firmware 3.6.3	4

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

References