Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-2782

Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

Published

2013-08-28T13:09:15.230

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.6

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-310
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Hardware schneider-electric tburjr900 00002dh0 Yes
Hardware schneider-electric tburjr900 00002eh0 Yes
Hardware schneider-electric tburjr900 01002dh0 Yes
Hardware schneider-electric tburjr900 01002eh0 Yes
Hardware schneider-electric tburjr900 05002dh0 Yes
Hardware schneider-electric tburjr900 05002eh0 Yes
Hardware schneider-electric tburjr900 06002dh0 Yes
Hardware schneider-electric tburjr900 06002eh0 Yes
Operating System schneider-electric tburjr900_firmware 3.6.0 Yes
Operating System schneider-electric tburjr900_firmware 3.6.1 Yes
Operating System schneider-electric tburjr900_firmware 3.6.2 Yes
Operating System schneider-electric tburjr900_firmware 3.6.3 Yes
References