CVE-2013-2782 | Vulnerability Database | Aqua Security

Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

Affected Software

Name	Vendor	Start Version	End Version
Tburjr900	Schneider-electric	00002dh0 (including)	00002dh0 (including)
Tburjr900	Schneider-electric	00002eh0 (including)	00002eh0 (including)
Tburjr900	Schneider-electric	01002dh0 (including)	01002dh0 (including)
Tburjr900	Schneider-electric	01002eh0 (including)	01002eh0 (including)
Tburjr900	Schneider-electric	05002dh0 (including)	05002dh0 (including)
Tburjr900	Schneider-electric	05002eh0 (including)	05002eh0 (including)
Tburjr900	Schneider-electric	06002dh0 (including)	06002dh0 (including)
Tburjr900	Schneider-electric	06002eh0 (including)	06002eh0 (including)

References

http://ics-cert.us-cert.gov/advisories/ICSA-13-234-01
http://www.schneider-electric.com/download/ww/en/file/141141292-SEVD-2013-143-01.pdf

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-2782
CWE	https://cwe.mitre.org/data/definitions/310.html