CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
40.0%
Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent “stop” state.
Vendor | Product | Version | CPE |
---|---|---|---|
hetronic | nova-m_firmware | * | cpe:2.3:o:hetronic:nova-m_firmware:*:*:*:*:*:*:*:* |
hetronic | nova-m | - | cpe:2.3:h:hetronic:nova-m:-:*:*:*:*:*:*:* |
hetronic | es-can-hl_firmware | * | cpe:2.3:o:hetronic:es-can-hl_firmware:*:*:*:*:*:*:*:* |
hetronic | es-can-hl | - | cpe:2.3:h:hetronic:es-can-hl:-:*:*:*:*:*:*:* |
hetronic | bms-hl_firmware | * | cpe:2.3:o:hetronic:bms-hl_firmware:*:*:*:*:*:*:*:* |
hetronic | bms-hl | - | cpe:2.3:h:hetronic:bms-hl:-:*:*:*:*:*:*:* |
hetronic | mlc_firmware | * | cpe:2.3:o:hetronic:mlc_firmware:*:*:*:*:*:*:*:* |
hetronic | mlc | - | cpe:2.3:h:hetronic:mlc:-:*:*:*:*:*:*:* |
hetronic | dc_mobile_firmware | * | cpe:2.3:o:hetronic:dc_mobile_firmware:*:*:*:*:*:*:*:* |
hetronic | dc_mobile | - | cpe:2.3:h:hetronic:dc_mobile:-:*:*:*:*:*:*:* |
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
40.0%