CVE-2023-43775

Denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows an attacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause the SMP device to restart in Safe Mode or Max Safe Mode. When in Max Safe Mode, the product is not vulnerable anymore.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 4.7 MEDIUM | ADJACENT_NETWORK | LOW | NONE | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L |
| Eaton | CNA | 4.7 MEDIUM | ADJACENT_NETWORK | LOW | NONE | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L |
| CVE | ADP | --- | | | | --- |
| CISA-ADP | ADP | --- | | | | --- |

EPSS Score percentile: 10%

| Vendor | Product | Version |
|---|---|---|
| eaton | smp_sg-4260_firmware | 8.0 ≤ 𝑥 < 8.0r9 |
| eaton | smp_sg-4260_firmware | 8.1 ≤ 𝑥 < 8.1r5 |
| eaton | smp_sg-4260_firmware | 8.2 ≤ 𝑥 < 8.2r4 |
| eaton | smp_sg-4250_firmware | 8.0 ≤ 𝑥 < 8.0r9 |
| eaton | smp_sg-4250_firmware | 8.1 ≤ 𝑥 < 8.1r5 |
| eaton | smp_sg-4250_firmware | 8.2 ≤ 𝑥 < 8.2r4 |
| eaton | smp_sg-4250_firmware | 7.0 |
| eaton | smp_sg-4250_firmware | 7.1 |
| eaton | smp_sg-4250_firmware | 7.2 |
| eaton | smp_4\/dp_firmware | 8.0 ≤ 𝑥 < 8.0r9 |
| eaton | smp_4\/dp_firmware | 8.1 ≤ 𝑥 < 8.1r5 |
| eaton | smp_4\/dp_firmware | 8.2 ≤ 𝑥 < 8.2r4 |
| eaton | smp_4\/dp_firmware | 6.3 |
| eaton | smp_4\/dp_firmware | 7.0 |
| eaton | smp_4\/dp_firmware | 7.1 |
| eaton | smp_4\/dp_firmware | 7.2 |
| eaton | smp_16_firmware | 8.0 ≤ 𝑥 < 8.0r9 |
| eaton | smp_16_firmware | 6.3 |
| eaton | smp_16_firmware | 7.0 |
| eaton | smp_16_firmware | 7.1 |
| eaton | smp_16_firmware | 7.2 |

𝑥 = Vulnerable software versions