CVE-2023-43775 (GCVE-0-2023-43775)

Vulnerability from cvelistv5 – Published: 2023-09-26 13:50 – Updated: 2024-09-24 13:19
VLAI?
Title
Security issue in SMP Gateway automation platform
Summary
Denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows attacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause the SMP device to restart in Safe Mode or Max Safe Mode. When in Max Safe Mode, the product is not vulnerable anymore.
Severity ?
4.7 (Medium)
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
CWE
  • CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
Vendor Product Version
Eaton SMP SG-4260 Affected: 8.0 , < 8.0R9 (custom)
Affected: 8.1 , < 8.1R5 (custom)
Affected: 8.2 , < 8.2R4 (custom)
Create a notification for this product.
    Eaton SMP SG-4250 Affected: 7.0
Affected: 7.1
Affected: 7.2
Affected: 8.0 , < 8.0R9 (custom)
Affected: 8.1 , < 8.1R5 (custom)
Affected: 8.2 , < 8.2R4 (custom)
Create a notification for this product.
    Eaton SMP 4/DP Affected: 6.3
Affected: 7.0
Affected: 7.1
Affected: 7.2
Affected: 8.0 , < 8.0R9 (custom)
Affected: 8.1 , < 8.1R5 (custom)
Affected: 8.2 , < 8.2R4 (custom)
Create a notification for this product.
    Eaton SMP 16 Affected: 6.3
Affected: 7.0
Affected: 7.1
Affected: 7.2
Affected: 8.0 , < 8.0R9 (custom)
Create a notification for this product.
Credits
Communications Security Establishment, Canada.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:52:11.051Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2022-1008.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-43775",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T13:19:33.279087Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T13:19:42.645Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SMP SG-4260",
          "vendor": "Eaton",
          "versions": [
            {
              "lessThan": "8.0R9",
              "status": "affected",
              "version": "8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1R5",
              "status": "affected",
              "version": "8.1",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2R4",
              "status": "affected",
              "version": "8.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SMP SG-4250",
          "vendor": "Eaton",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.1"
            },
            {
              "status": "affected",
              "version": "7.2"
            },
            {
              "lessThan": "8.0R9",
              "status": "affected",
              "version": "8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1R5",
              "status": "affected",
              "version": "8.1",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2R4",
              "status": "affected",
              "version": "8.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SMP 4/DP",
          "vendor": "Eaton",
          "versions": [
            {
              "status": "affected",
              "version": "6.3"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.1"
            },
            {
              "status": "affected",
              "version": "7.2"
            },
            {
              "lessThan": "8.0R9",
              "status": "affected",
              "version": "8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1R5",
              "status": "affected",
              "version": "8.1",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2R4",
              "status": "affected",
              "version": "8.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SMP 16",
          "vendor": "Eaton",
          "versions": [
            {
              "status": "affected",
              "version": "6.3"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.1"
            },
            {
              "status": "affected",
              "version": "7.2"
            },
            {
              "lessThan": "8.0R9",
              "status": "affected",
              "version": "8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Communications Security Establishment, Canada."
        }
      ],
      "datePublic": "2023-09-28T13:49:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows \n\nattacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause\nthe SMP device to restart in Safe Mode or Max Safe Mode. When in Max Safe Mode, the product is\nnot vulnerable anymore.\u003cbr\u003e"
            }
          ],
          "value": "Denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows \n\nattacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause\nthe SMP device to restart in Safe Mode or Max Safe Mode. When in Max Safe Mode, the product is\nnot vulnerable anymore.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-28T20:29:16.284Z",
        "orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
        "shortName": "Eaton"
      },
      "references": [
        {
          "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2022-1008.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Security issue in SMP Gateway automation platform",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
    "assignerShortName": "Eaton",
    "cveId": "CVE-2023-43775",
    "datePublished": "2023-09-26T13:50:13.211Z",
    "dateReserved": "2023-09-22T05:10:55.258Z",
    "dateUpdated": "2024-09-24T13:19:42.645Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2022-1008.pdf\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T19:52:11.051Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-43775\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-24T13:19:33.279087Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-24T13:19:37.993Z\"}}], \"cna\": {\"title\": \"Security issue in SMP Gateway automation platform\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Communications Security Establishment, Canada.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 4.7, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Eaton\", \"product\": \"SMP SG-4260\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0\", \"lessThan\": \"8.0R9\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.1\", \"lessThan\": \"8.1R5\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.2\", \"lessThan\": \"8.2R4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Eaton\", \"product\": \"SMP SG-4250\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.0\"}, {\"status\": \"affected\", \"version\": \"7.1\"}, {\"status\": \"affected\", \"version\": \"7.2\"}, {\"status\": \"affected\", \"version\": \"8.0\", \"lessThan\": \"8.0R9\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.1\", \"lessThan\": \"8.1R5\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.2\", \"lessThan\": \"8.2R4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Eaton\", \"product\": \"SMP 4/DP\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.3\"}, {\"status\": \"affected\", \"version\": \"7.0\"}, {\"status\": \"affected\", \"version\": \"7.1\"}, {\"status\": \"affected\", \"version\": \"7.2\"}, {\"status\": \"affected\", \"version\": \"8.0\", \"lessThan\": \"8.0R9\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.1\", \"lessThan\": \"8.1R5\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.2\", \"lessThan\": \"8.2R4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Eaton\", \"product\": \"SMP 16\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.3\"}, {\"status\": \"affected\", \"version\": \"7.0\"}, {\"status\": \"affected\", \"version\": \"7.1\"}, {\"status\": \"affected\", \"version\": \"7.2\"}, {\"status\": \"affected\", \"version\": \"8.0\", \"lessThan\": \"8.0R9\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2023-09-28T13:49:00.000Z\", \"references\": [{\"url\": \"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2022-1008.pdf\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows \\n\\nattacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause\\nthe SMP device to restart in Safe Mode or Max Safe Mode. When in Max Safe Mode, the product is\\nnot vulnerable anymore.\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows \\n\\nattacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause\\nthe SMP device to restart in Safe Mode or Max Safe Mode. When in Max Safe Mode, the product is\\nnot vulnerable anymore.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"63703b7d-23e2-41ef-94b3-a3c6333f7759\", \"shortName\": \"Eaton\", \"dateUpdated\": \"2023-09-28T20:29:16.284Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-43775\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-24T13:19:42.645Z\", \"dateReserved\": \"2023-09-22T05:10:55.258Z\", \"assignerOrgId\": \"63703b7d-23e2-41ef-94b3-a3c6333f7759\", \"datePublished\": \"2023-09-26T13:50:13.211Z\", \"assignerShortName\": \"Eaton\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.