Sep 26, 2023 - 1:50 p.m.

CVE-2023-43775 Security issue in SMP Gateway automation platform

2023-09-26 13:50:13
CWE-400
Eaton
www.cve.org
smp gateway
web server
dos attack
automation platform
availability vulnerability

CVSS3: 4.7

Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

EPSS: 0.001
Percentile: 23.6%

A denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows an attacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause the SMP device to restart in Safe Mode or Max Safe Mode. When in Max Safe Mode, the product is no longer vulnerable.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SMP SG-4260",
    "vendor": "Eaton",
    "versions": [
      {
        "lessThan": "8.0R9",
        "status": "affected",
        "version": "8.0",
        "versionType": "custom"
      },
      {
        "lessThan": "8.1R5",
        "status": "affected",
        "version": "8.1",
        "versionType": "custom"
      },
      {
        "lessThan": "8.2R4",
        "status": "affected",
        "version": "8.2",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SMP SG-4250",
    "vendor": "Eaton",
    "versions": [
      {
        "status": "affected",
        "version": "7.0"
      },
      {
        "status": "affected",
        "version": "7.1"
      },
      {
        "status": "affected",
        "version": "7.2"
      },
      {
        "lessThan": "8.0R9",
        "status": "affected",
        "version": "8.0",
        "versionType": "custom"
      },
      {
        "lessThan": "8.1R5",
        "status": "affected",
        "version": "8.1",
        "versionType": "custom"
      },
      {
        "lessThan": "8.2R4",
        "status": "affected",
        "version": "8.2",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SMP 4/DP",
    "vendor": "Eaton",
    "versions": [
      {
        "status": "affected",
        "version": "6.3"
      },
      {
        "status": "affected",
        "version": "7.0"
      },
      {
        "status": "affected",
        "version": "7.1"
      },
      {
        "status": "affected",
        "version": "7.2"
      },
      {
        "lessThan": "8.0R9",
        "status": "affected",
        "version": "8.0",
        "versionType": "custom"
      },
      {
        "lessThan": "8.1R5",
        "status": "affected",
        "version": "8.1",
        "versionType": "custom"
      },
      {
        "lessThan": "8.2R4",
        "status": "affected",
        "version": "8.2",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SMP 16",
    "vendor": "Eaton",
    "versions": [
      {
        "status": "affected",
        "version": "6.3"
      },
      {
        "status": "affected",
        "version": "7.0"
      },
      {
        "status": "affected",
        "version": "7.1"
      },
      {
        "status": "affected",
        "version": "7.2"
      },
      {
        "lessThan": "8.0R9",
        "status": "affected",
        "version": "8.0",
        "versionType": "custom"
      }
    ]
  }
]
