MEDIUM🇵🇱 Wersja polska

CVE-2021-43575

CVSS 5.5v3.1pub. 2021-11-09upd. 2024-11-21

KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility of the ETS to securely store cryptographic key material when it is not being exported

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • Knx Engineering Tool Software 6

    APP
    Knx
    6.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2015-8299CRITICAL9.8ten sam vendor

Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1.5 (Build 3246) allows remote attackers t...

CVE-2023-4346HIGH7.5ten sam vendor

KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, ...

CVE-2021-36799HIGH8.8ten sam vendor

KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing...