CVE-2018-19023
25.01.2019, 20:29
Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state.Enginsight
| Vendor | Product | Version |
|---|---|---|
| hetronic | nova-m_firmware | 𝑥 < r161 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-294 - Authentication Bypass by Capture-replayA capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.