Vulnerabilities > CVE-2023-43775 - Unspecified vulnerability in Eaton products

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

network

low complexity

eaton

NVD

Published: 2023-09-27

Updated: 2023-10-02

Summary

Denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows attacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause the SMP device to restart in Safe Mode or Max Safe Mode. When in Max Safe Mode, the product is not vulnerable anymore.

Vulnerable Configurations

Part	Description	Count
OS	Eaton Eaton SMP SG 4260 Firmware 8.0 Eaton SMP SG 4260 Firmware 8.1 Eaton SMP SG 4260 Firmware 8.2 Eaton SMP SG 4250 Firmware 8.0 Eaton SMP SG 4250 Firmware 8.1 Eaton SMP SG 4250 Firmware 8.2 Eaton SMP SG 4250 Firmware 7.0 Eaton SMP SG 4250 Firmware 7.1 Eaton SMP SG 4250 Firmware 7.2 Eaton SMP 4/Dp Firmware 8.0 Eaton SMP 4/Dp Firmware 8.1 Eaton SMP 4/Dp Firmware 8.2 Eaton SMP 4/Dp Firmware 6.3 Eaton SMP 4/Dp Firmware 7.0 Eaton SMP 4/Dp Firmware 7.1 Eaton SMP 4/Dp Firmware 7.2 Eaton SMP 16 Firmware 8.0 Eaton SMP 16 Firmware 6.3 Eaton SMP 16 Firmware 7.0 Eaton SMP 16 Firmware 7.1 Eaton SMP 16 Firmware 7.2	21
Hardware	Eaton Eaton SMP SG 4260 - Eaton SMP SG 4250 - Eaton SMP 4/Dp - Eaton SMP 16 -	4

References

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2022-1008.pdf