MidnightBSD

Advisories for electra-air

CVE-2023-24500

Electra Central AC unit – Adjacent attacker may cause the unit to load unauthorized FW.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@cyber.gov.il 7.5 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
electra-air central_ac_unit_firmware v8
electra-air central_ac_unit_firmware v7

CVE-2023-24501

Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@cyber.gov.il 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
electra-air central_ac_unit_firmware v4
electra-air central_ac_unit_firmware v5

CVE-2023-24502

Electra Central AC unit – The unit opens an AP with an easily calculated password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@cyber.gov.il 7.5 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
electra-air central_ac_unit_firmware v4
electra-air central_ac_unit_firmware v5
electra-air central_ac_unit_firmware v8
electra-air central_ac_unit_firmware v7

CVE-2023-24503

Electra Central AC unit – Adjacent attacker may cause the unit to load unauthorized FW.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@cyber.gov.il 7.5 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
electra-air smart_kit_for_split_ac osk201

CVE-2023-24504

Electra Central AC unit – Adjacent attacker may cause the unit to connect to unauthorized update server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@cyber.gov.il 7.5 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
electra-air central_ac_unit_firmware v8
electra-air central_ac_unit_firmware v7