The official site for Saudi CERT
Schneider Alert
9015
Warning Date
Severity Level
Warning Number
Target Sector
15 February, 2023
● High
2023-5460
All
Schneider Electric has released security update to address several vulnerabilities in the following product:
- Merten INSTABUS Tastermodul 1fach System M 625199 (Program Version 1.0)
- Merten INSTABUS Tastermodul 2fach System M 625299 (Program Version 1.0)
- Merten Tasterschnittstelle 4fach plus 670804 (Program Version 1.0 & 1.2)
- Merten KNX ARGUS 180/2,20M UP SYSTEM 631725 (Program Version 1.0)
- Merten Jalousie-/Schaltaktor REG-K/8x/16x/10 m. HB 649908 (Product discontinued) (Program Version 1.0)
- Merten KNX Uni-Dimmaktor LL REG-K/2x230/300 W MEG6710-0002 (Product discontinued) (Program Version 1.0 & 1.1)
- Merten KNX Schaltakt.2x6A UP m.2 Eing. MEG6003-0002 (Product discontinued) (Prgram Version 0.1)
- StruxureWare Data Center Expert
An attacker could exploit these vulnerabilities by doing the following:
- Remote Code Execution
- Sensitive Information Disclosure
- Elevation of Privileges
- Improper Authentication
- Missing Authorization
The CERT team encourages users to review Schneider Electric security advisory and update the affected products:
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf&_ga=2.211633046.224816518.1676459177-778877114.1676362510
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf&_ga=2.5040176.224816518.1676459177-778877114.1676362510
Rate the content
Share the page
