Detections
Analytics

Korenix JetNet Improper Authentication (CVE-2023-5376)

critical Tenable OT Security Plugin ID 504963

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

http://www.nessus.org/u?410e2a88

http://seclists.org/fulldisclosure/2024/Jan/11

http://www.nessus.org/u?0f8ef61f

https://www.beijerelectronics.com/en/support/Help___online?docId=69947

Plugin Details

Severity: Critical

ID: 504963

Version: 1.1

Type: remote

Family: Tenable.ot

Published: 1/16/2026

Updated: 1/16/2026

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Vulnerability Information

CPE: cpe:/o:korenix:jetnet_5612gp-4f_firmware:1.2, cpe:/o:korenix:jetnet_7714g-m12_hvdc_firmware:1.0, cpe:/o:korenix:jetnet_6828gf-2dc24_firmware:1.0, cpe:/o:korenix:jetnet_6628xp-4f-us_firmware:1.1, cpe:/o:korenix:jetnet_6728g-24p-ac-2dc-us_firmware:1.1, cpe:/o:korenix:jetnet_7628x-4f-us_firmware:1.0, cpe:/o:korenix:jetnet_6528gf-2dc48_firmware:1.0, cpe:/o:korenix:jetnet_4508if-m_firmware:1.3, cpe:/o:korenix:jetnet_7628xp-4f-eu_firmware:1.1, cpe:/o:korenix:jetnet_4508i-w_firmware:1.3, cpe:/o:korenix:jetnet_4508f-mw_firmware:2.3, cpe:/o:korenix:jetnet_6828gf-ac-dc24-eu_firmware:1.0, cpe:/o:korenix:jetnet_6910g-m12_hvdc_firmware:1.0, cpe:/o:korenix:jetnet_4508_firmware:2.3, cpe:/o:korenix:jetnet_6828gf-2ac-us_firmware:1.0, cpe:/o:korenix:jetnet_6828gf-2dc48_firmware:1.0, cpe:/o:korenix:jetnet_5620g-4c_firmware:1.1, cpe:/o:korenix:jetnet_6828gf-ac-dc24-us_firmware:1.0, cpe:/o:korenix:jetnet_4508f-sw_firmware:2.3, cpe:/o:korenix:jetnet_4508-w_firmware:2.3, cpe:/o:korenix:jetnet_5310g_firmware:2.6, cpe:/o:korenix:jetnet_5728g-24p-ac-2dc-eu_firmware:2.1, cpe:/o:korenix:jetnet_6528gf-2ac-us_firmware:1.0, cpe:/o:korenix:jetnet_6528gf-2dc24_firmware:1.0, cpe:/o:korenix:jetnet_6528gf-ac-us_firmware:1.0, cpe:/o:korenix:jetnet_5612g-4f_firmware:1.2, cpe:/o:korenix:jetnet_5728g-24p-ac-2dc-us_firmware:2.1, cpe:/o:korenix:jetnet_4508if-s_firmware:1.3, cpe:/o:korenix:jetnet_6728g-24p-ac-2dc-eu_firmware:1.1, cpe:/o:korenix:jetnet_7310g-v2_firmware:1.0, cpe:/o:korenix:jetnet_4508if-sw_firmware:1.3, cpe:/o:korenix:jetnet_7628xp-4f-eu_firmware:1.0, cpe:/o:korenix:jetnet_6528gf-ac-eu_firmware:1.0, cpe:/o:korenix:jetnet_6528gf-2ac-eu_firmware:1.0, cpe:/o:korenix:jetnet_6828gf-2ac-eu_firmware:1.0, cpe:/o:korenix:jetnet_4508if-mw_firmware:1.3, cpe:/o:korenix:jetnet_4508f-s_firmware:2.3, cpe:/o:korenix:jetnet_6828gf-ac-us_firmware:1.0, cpe:/o:korenix:jetnet_6828gf-2ac-au_firmware:1.0, cpe:/o:korenix:jetnet_7628xp-4f-us_firmware:1.1, cpe:/o:korenix:jetnet_4508f-m_firmware:2.3, cpe:/o:korenix:jetnet_7628xp-4f-us_firmware:1.0, cpe:/o:korenix:jetnet_6628x-4f-eu_firmware:1.0, cpe:/o:korenix:jetnet_7628x-4f-eu_firmware:1.0

Required KB Items: Tenable.ot/Korenix

Exploit Ease: No known exploits are available

Patch Publication Date: 1/9/2024

Vulnerability Publication Date: 1/9/2024

Reference Information

CVE: CVE-2023-5376

CWE: 287, 306