CVE-2022-34756

CVSS V2 None CVSS V3 Critical 9.8
Description
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI. Affected Products: Easergy P5 (V01.401.102 and prior)
Overview
  • CVE ID
  • CVE-2022-34756
  • Assigner
  • cybersecurity@se.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-07-13T21:15:08
  • Last Modified Date
  • 2022-07-27T23:23:51
Weakness Enumerations
CWE URL
CWE-120 http://cwe.mitre.org/data/definitions/120.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:schneider-electric:easergy_p5_firmware:*:*:*:*:*:*:*:* 1 OR 01.401.102
cpe:2.3:h:schneider-electric:easergy_p5:-:*:*:*:*:*:*:* 0 OR
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 9.8
  • Base Severity
  • CRITICAL
  • Exploitability Score
  • 3.9
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-04_Easergy_P5_Security_Notification.pdf
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-34756
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34756
History
Created Old Value New Value Data Type Notes
2022-07-13 22:00:14 Added to TrackCVE