Security issue in SMP Gateway automation platform
CVE-2023-43775

4.7MEDIUM

Key Information:

Vendor
Eaton
Status
Smp Sg-4260
Smp Sg-4250
Smp 4/dp
Smp 16
Vendor
CVE Published:
27 September 2023

Summary

Denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows

attacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause the SMP device to restart in Safe Mode or Max Safe Mode. When in Max Safe Mode, the product is not vulnerable anymore.

Affected Version(s)

SMP 16 6.3

SMP 16 7.0

SMP 16 7.1

References

https://www.eaton.com/content/dam/eaton/company/news-insi...

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Communications Security Establishment, Canada.
.
CVE-2023-43775 : Security issue in SMP Gateway automation platform | SecurityVulnerability.io