Search criteria
3 vulnerabilities found for tburjr900 by schneider-electric
FKIE_CVE-2013-2782
Vulnerability from fkie_nvd - Published: 2013-08-28 13:09 - Updated: 2025-04-11 00:51
Severity ?
Summary
Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | tburjr900 | 00002dh0 | |
| schneider-electric | tburjr900 | 00002eh0 | |
| schneider-electric | tburjr900 | 01002dh0 | |
| schneider-electric | tburjr900 | 01002eh0 | |
| schneider-electric | tburjr900 | 05002dh0 | |
| schneider-electric | tburjr900 | 05002eh0 | |
| schneider-electric | tburjr900 | 06002dh0 | |
| schneider-electric | tburjr900 | 06002eh0 | |
| schneider-electric | tburjr900_firmware | 3.6.0 | |
| schneider-electric | tburjr900_firmware | 3.6.1 | |
| schneider-electric | tburjr900_firmware | 3.6.2 | |
| schneider-electric | tburjr900_firmware | 3.6.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tburjr900:00002dh0:*:*:*:*:*:*:*",
"matchCriteriaId": "3689A9D3-40FB-4135-A9D3-DFC7AFE7B10B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:schneider-electric:tburjr900:00002eh0:*:*:*:*:*:*:*",
"matchCriteriaId": "A92E024D-02C0-4B76-8352-ED5357DE34CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:schneider-electric:tburjr900:01002dh0:*:*:*:*:*:*:*",
"matchCriteriaId": "816CA3DE-9453-4D60-886B-2BFED178B81B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:schneider-electric:tburjr900:01002eh0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF82506-8036-4928-9C88-F1DB3B7CCD74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:schneider-electric:tburjr900:05002dh0:*:*:*:*:*:*:*",
"matchCriteriaId": "61D7AD31-432E-48AE-A0FB-C6868164A461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:schneider-electric:tburjr900:05002eh0:*:*:*:*:*:*:*",
"matchCriteriaId": "07890C35-BB97-416E-A451-9AE2B35FA83A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:schneider-electric:tburjr900:06002dh0:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB839C6-C3D3-4C61-BC6B-F550AF152965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:schneider-electric:tburjr900:06002eh0:*:*:*:*:*:*:*",
"matchCriteriaId": "580C28C8-0136-4F1F-8768-DF4C2F2A0500",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29917F5D-651B-40C5-B5F7-0170B90389FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "483A3AE5-8421-47CB-8CB8-689D594EDE11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B1C8EB0-8562-44B0-9BAE-891089695AE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:schneider-electric:tburjr900_firmware:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "73E32FDE-9828-4E29-B0C0-BB1899A3296A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers\u0027 installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation."
},
{
"lang": "es",
"value": "Schneider Electric Trio J-Series License Free Ethernet Radio con firmware v3.6.0 hasta v3.6.3 utiliza la misma clave de cifrado AES en las distintas instalaciones de los clientes, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos saltarse los mecanismos de protecci\u00f3n de cifrado, mediante el aprovechamiento de los conocimientos de esta clave a partir de otra instalaci\u00f3n."
}
],
"id": "CVE-2013-2782",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-28T13:09:15.230",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-01"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://www.schneider-electric.com/download/ww/en/file/141141292-SEVD-2013-143-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.schneider-electric.com/download/ww/en/file/141141292-SEVD-2013-143-01.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-2782 (GCVE-0-2013-2782)
Vulnerability from cvelistv5 – Published: 2013-08-28 01:00 – Updated: 2024-09-16 16:22
VLAI?
Summary
Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.schneider-electric.com/download/ww/en/file/141141292-SEVD-2013-143-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers\u0027 installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-28T01:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.schneider-electric.com/download/ww/en/file/141141292-SEVD-2013-143-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-2782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers\u0027 installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-01"
},
{
"name": "http://www.schneider-electric.com/download/ww/en/file/141141292-SEVD-2013-143-01.pdf",
"refsource": "CONFIRM",
"url": "http://www.schneider-electric.com/download/ww/en/file/141141292-SEVD-2013-143-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-2782",
"datePublished": "2013-08-28T01:00:00Z",
"dateReserved": "2013-04-11T00:00:00Z",
"dateUpdated": "2024-09-16T16:22:35.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2782 (GCVE-0-2013-2782)
Vulnerability from nvd – Published: 2013-08-28 01:00 – Updated: 2024-09-16 16:22
VLAI?
Summary
Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.schneider-electric.com/download/ww/en/file/141141292-SEVD-2013-143-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers\u0027 installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-28T01:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.schneider-electric.com/download/ww/en/file/141141292-SEVD-2013-143-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-2782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers\u0027 installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-01"
},
{
"name": "http://www.schneider-electric.com/download/ww/en/file/141141292-SEVD-2013-143-01.pdf",
"refsource": "CONFIRM",
"url": "http://www.schneider-electric.com/download/ww/en/file/141141292-SEVD-2013-143-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-2782",
"datePublished": "2013-08-28T01:00:00Z",
"dateReserved": "2013-04-11T00:00:00Z",
"dateUpdated": "2024-09-16T16:22:35.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}