CVE-2023-43775
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/09/2023
Last modified:
02/10/2023
Description
Denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows <br />
<br />
attacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause<br />
the SMP device to restart in Safe Mode or Max Safe Mode. When in Max Safe Mode, the product is<br />
not vulnerable anymore.<br />
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:eaton:smp_sg-4260_firmware:*:*:*:*:*:*:*:* | 8.0 (including) | 8.0r9 (excluding) |
| cpe:2.3:o:eaton:smp_sg-4260_firmware:*:*:*:*:*:*:*:* | 8.1 (including) | 8.1r5 (excluding) |
| cpe:2.3:o:eaton:smp_sg-4260_firmware:*:*:*:*:*:*:*:* | 8.2 (including) | 8.2r4 (excluding) |
| cpe:2.3:h:eaton:smp_sg-4260:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:eaton:smp_sg-4250_firmware:*:*:*:*:*:*:*:* | 8.0 (including) | 8.0r9 (excluding) |
| cpe:2.3:o:eaton:smp_sg-4250_firmware:*:*:*:*:*:*:*:* | 8.1 (including) | 8.1r5 (excluding) |
| cpe:2.3:o:eaton:smp_sg-4250_firmware:*:*:*:*:*:*:*:* | 8.2 (including) | 8.2r4 (excluding) |
| cpe:2.3:o:eaton:smp_sg-4250_firmware:7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:eaton:smp_sg-4250_firmware:7.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:eaton:smp_sg-4250_firmware:7.2:*:*:*:*:*:*:* | ||
| cpe:2.3:h:eaton:smp_sg-4250:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:eaton:smp_4\/dp_firmware:*:*:*:*:*:*:*:* | 8.0 (including) | 8.0r9 (excluding) |
| cpe:2.3:o:eaton:smp_4\/dp_firmware:*:*:*:*:*:*:*:* | 8.1 (including) | 8.1r5 (excluding) |
| cpe:2.3:o:eaton:smp_4\/dp_firmware:*:*:*:*:*:*:*:* | 8.2 (including) | 8.2r4 (excluding) |
| cpe:2.3:o:eaton:smp_4\/dp_firmware:6.3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page