PT-2019-9715 · Hetronic · Hetronic Nova-M

Akira Urano

Published

2019-01-04

Updated

2019-10-09

CVE-2018-19023

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Hetronic Nova-M versions prior to r161

Description The issue allows for unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state due to the use of fixed codes that can be reproducible by sniffing and re-transmission.

Recommendations For versions prior to r161, update to version r161 or later to resolve the issue. As a temporary workaround, consider implementing additional authentication or encryption mechanisms to prevent sniffing and re-transmission of commands. Restrict access to the system to minimize the risk of exploitation.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-294

Related Identifiers

CVE-2018-19023

ZDI-19-003

Affected Products

Hetronic Nova-M

PT-2019-9715 · Hetronic · Hetronic Nova-M

CVE-2018-19023

Weakness Enumeration

Related Identifiers

Affected Products

References · 5