CVE-2013-2782

high

Description

Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

References

http://www.schneider-electric.com/download/ww/en/file/141141292-SEVD-2013-143-01.pdf

http://ics-cert.us-cert.gov/advisories/ICSA-13-234-01

Details

Source: Mitre, NVD

Published: 2013-08-28

Updated: 2013-08-29

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N