Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-22722

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active control of the local operational network connected to the product they could potentially observe and manipulate traffic associated with product configuration. Affected Product: Easergy P5 (All firmware versions prior to V01.401.101)

Published

2022-02-04T23:15:13.067

Last Modified

2024-11-21T06:47:19.423

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:A/AC:M/Au:N/C:P/I:P/A:P

Access Vector: ADJACENT_NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

5.5

Impact Score

6.4

Weaknesses

Type: Primary
CWE-798

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	schneider-electric	easergy_p5_firmware	< 01.401.101	Yes
Hardware	schneider-electric	easergy_p5	-	No

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-03 Vendor Advisory ([email protected])
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-03 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)