Details of VAR-201308-0163

ID

VAR-201308-0163

CVE

CVE-2013-2782

TITLE

Schneider Electric Trio J-Series License Free Ethernet Radio Vulnerabilities that can break cryptographic protection mechanisms

Trust: 0.8

sources: JVNDB: JVNDB-2013-003900

DESCRIPTION

Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. The Schneider Electric Multiple Trio J-Series Radio device is a radio station device. An attacker can exploit the vulnerability to intercept and reveal encrypted wireless traffic link traffic and access the ICS network. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. No detailed solution is currently available. The above devices running V3.6.0, V3.6.1, V3.6.2 and V3.6.3 firmware are affected by this vulnerability

Trust: 3.24

sources: NVD: CVE-2013-2782 // JVNDB: JVNDB-2013-003900 // CNVD: CNVD-2013-12596 // CNVD: CNVD-2013-12446 // BID: 61968 // IVD: ba4c62b6-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-62784

IOT TAXONOMY

category:	['ICS']	sub_category:	-	Trust: 0.8
category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6

sources: IVD: ba4c62b6-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-12596 // CNVD: CNVD-2013-12446

AFFECTED PRODUCTS

vendor:	schneider electric	model:	tburjr900	scope:	eq	version:	00002eh0	Trust: 1.6
vendor:	schneider electric	model:	tburjr900	scope:	eq	version:	01002dh0	Trust: 1.6
vendor:	schneider electric	model:	tburjr900	scope:	eq	version:	06002dh0	Trust: 1.6
vendor:	schneider electric	model:	tburjr900	scope:	eq	version:	00002dh0	Trust: 1.6
vendor:	schneider electric	model:	tburjr900	scope:	eq	version:	01002eh0	Trust: 1.6
vendor:	schneider electric	model:	tburjr900	scope:	eq	version:	05002eh0	Trust: 1.6
vendor:	schneider electric	model:	tburjr900	scope:	eq	version:	06002eh0	Trust: 1.6
vendor:	schneider electric	model:	tburjr900	scope:	eq	version:	05002dh0	Trust: 1.6
vendor:	schneider electric	model:	tburjr900	scope:	eq	version:	3.6.1	Trust: 1.0
vendor:	schneider electric	model:	tburjr900	scope:	eq	version:	3.6.3	Trust: 1.0
vendor:	schneider electric	model:	tburjr900	scope:	eq	version:	3.6.0	Trust: 1.0
vendor:	schneider electric	model:	tburjr900	scope:	eq	version:	3.6.2	Trust: 1.0
vendor:	schneider electric	model:	trio j-series license-free ethernet data radio	scope:	eq	version:	00002dh0	Trust: 0.8
vendor:	schneider electric	model:	trio j-series license-free ethernet data radio	scope:	eq	version:	00002eh0	Trust: 0.8
vendor:	schneider electric	model:	trio j-series license-free ethernet data radio	scope:	eq	version:	01002dh0	Trust: 0.8
vendor:	schneider electric	model:	trio j-series license-free ethernet data radio	scope:	eq	version:	01002eh0	Trust: 0.8
vendor:	schneider electric	model:	trio j-series license-free ethernet data radio	scope:	eq	version:	05002dh0	Trust: 0.8
vendor:	schneider electric	model:	trio j-series license-free ethernet data radio	scope:	eq	version:	05002eh0	Trust: 0.8
vendor:	schneider electric	model:	trio j-series license-free ethernet data radio	scope:	eq	version:	06002dh0	Trust: 0.8
vendor:	schneider electric	model:	trio j-series license-free ethernet data radio	scope:	eq	version:	06002eh0	Trust: 0.8
vendor:	schneider electric	model:	trio j-series license-free ethernet data radio	scope:	eq	version:	3.6.0 to 3.6.3	Trust: 0.8
vendor:	schneider	model:	electric trio j-series radio	scope:	eq	version:	3.x	Trust: 0.6
vendor:	schneider	model:	electric tburjr900-06002eh0	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric tburjr900-05002eh0	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric tburjr900-01002eh0	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric tburjr900-00002eh0	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric tburjr900-06002dh0	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric tburjr900-05002dh0	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric tburjr900-01002dh0	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric tburjr900-00002dh0	scope:	-	version:	-	Trust: 0.6
vendor:	tburjr900	model:	00002dh0	scope:	-	version:	-	Trust: 0.2
vendor:	tburjr900	model:	00002eh0	scope:	-	version:	-	Trust: 0.2
vendor:	tburjr900	model:	01002dh0	scope:	-	version:	-	Trust: 0.2
vendor:	tburjr900	model:	01002eh0	scope:	-	version:	-	Trust: 0.2
vendor:	tburjr900	model:	05002dh0	scope:	-	version:	-	Trust: 0.2
vendor:	tburjr900	model:	05002eh0	scope:	-	version:	-	Trust: 0.2
vendor:	tburjr900	model:	06002dh0	scope:	-	version:	-	Trust: 0.2
vendor:	tburjr900	model:	06002eh0	scope:	-	version:	-	Trust: 0.2
vendor:	tburjr900	model:	-	scope:	eq	version:	3.6.0	Trust: 0.2
vendor:	tburjr900	model:	-	scope:	eq	version:	3.6.1	Trust: 0.2
vendor:	tburjr900	model:	-	scope:	eq	version:	3.6.2	Trust: 0.2
vendor:	tburjr900	model:	-	scope:	eq	version:	3.6.3	Trust: 0.2

sources: IVD: ba4c62b6-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-12596 // CNVD: CNVD-2013-12446 // JVNDB: JVNDB-2013-003900 // CNNVD: CNNVD-201308-387 // NVD: CVE-2013-2782

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-2782
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-2782
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2013-12596
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2013-12446
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201308-387
value:	CRITICAL
Trust: 0.6
IVD:	ba4c62b6-2352-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-62784
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-2782
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-12596
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2013-12446
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	ba4c62b6-2352-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-62784
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: ba4c62b6-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-12596 // CNVD: CNVD-2013-12446 // VULHUB: VHN-62784 // JVNDB: JVNDB-2013-003900 // CNNVD: CNNVD-201308-387 // NVD: CVE-2013-2782

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-62784 // JVNDB: JVNDB-2013-003900 // NVD: CVE-2013-2782

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-387

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201308-387

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003900

PATCH

title:	SEVD-2013-143-01	url:	http://www.schneider-electric.com/download/ww/en/file/141141292-SEVD-2013-143-01.pdf	Trust: 0.8
title:	サポート	url:	http://www.schneider-electric.co.jp/sites/japan/jp/support/contact/we-care.page	Trust: 0.8
title:	トップページ	url:	http://www.schneider-electric.com/site/home/index.cfm/jp/	Trust: 0.8
title:	Schneider Electric patch for multiple Trio J-Series Radio devices AES key generation vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/39134	Trust: 0.6
title:	Patch for Schneider Electric Trio J-Series License Free Ethernet Radio has unknown AES encryption key generation vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/38234	Trust: 0.6

sources: CNVD: CNVD-2013-12596 // CNVD: CNVD-2013-12446 // JVNDB: JVNDB-2013-003900

EXTERNAL IDS

db:	NVD	id:	CVE-2013-2782	Trust: 3.6
db:	ICS CERT	id:	ICSA-13-234-01	Trust: 3.1
db:	SCHNEIDER	id:	SEVD-2013-143-01	Trust: 2.3
db:	BID	id:	61968	Trust: 1.6
db:	CNVD	id:	CNVD-2013-12596	Trust: 0.8
db:	CNNVD	id:	CNNVD-201308-387	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-003900	Trust: 0.8
db:	SECUNIA	id:	54594	Trust: 0.6
db:	CNVD	id:	CNVD-2013-12446	Trust: 0.6
db:	IVD	id:	BA4C62B6-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-62784	Trust: 0.1

sources: IVD: ba4c62b6-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-12596 // CNVD: CNVD-2013-12446 // VULHUB: VHN-62784 // BID: 61968 // JVNDB: JVNDB-2013-003900 // CNNVD: CNNVD-201308-387 // NVD: CVE-2013-2782

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-13-234-01	Trust: 3.1
url:	http://www.schneider-electric.com/download/ww/en/file/141141292-sevd-2013-143-01.pdf	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2782	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2782	Trust: 0.8
url:	http://secunia.com/advisories/54594/	Trust: 0.6
url:	http://download.schneider-electric.com/files?p_file_id=141141292&p_file_name=sevd-2013-143-01.pdf	Trust: 0.6
url:	http://www.securityfocus.com/bid/61968	Trust: 0.6
url:	http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true	Trust: 0.3

sources: CNVD: CNVD-2013-12596 // CNVD: CNVD-2013-12446 // VULHUB: VHN-62784 // BID: 61968 // JVNDB: JVNDB-2013-003900 // CNNVD: CNNVD-201308-387 // NVD: CVE-2013-2782

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 61968

SOURCES

db:	IVD	id:	ba4c62b6-2352-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2013-12596
db:	CNVD	id:	CNVD-2013-12446
db:	VULHUB	id:	VHN-62784
db:	BID	id:	61968
db:	JVNDB	id:	JVNDB-2013-003900
db:	CNNVD	id:	CNNVD-201308-387
db:	NVD	id:	CVE-2013-2782

LAST UPDATE DATE

2025-04-11T23:12:00.331000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-12596	date:	2013-08-27T00:00:00
db:	CNVD	id:	CNVD-2013-12446	date:	2013-08-19T00:00:00
db:	VULHUB	id:	VHN-62784	date:	2013-08-29T00:00:00
db:	BID	id:	61968	date:	2015-03-19T08:39:00
db:	JVNDB	id:	JVNDB-2013-003900	date:	2013-08-29T00:00:00
db:	CNNVD	id:	CNNVD-201308-387	date:	2013-08-29T00:00:00
db:	NVD	id:	CVE-2013-2782	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	IVD	id:	ba4c62b6-2352-11e6-abef-000c29c66e3d	date:	2013-08-27T00:00:00
db:	CNVD	id:	CNVD-2013-12596	date:	2013-08-27T00:00:00
db:	CNVD	id:	CNVD-2013-12446	date:	2013-08-19T00:00:00
db:	VULHUB	id:	VHN-62784	date:	2013-08-28T00:00:00
db:	BID	id:	61968	date:	2013-08-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-003900	date:	2013-08-29T00:00:00
db:	CNNVD	id:	CNNVD-201308-387	date:	2013-08-27T00:00:00
db:	NVD	id:	CVE-2013-2782	date:	2013-08-28T13:09:15.230