CVE-2022-22723

Name of the Vulnerable Software and Affected Versions Easergy P5 versions prior to V01.401.101

Description A buffer copy without checking the size of input vulnerability exists, which could lead to a buffer overflow, causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functions and tripping function via GOOSE can be impacted.

Recommendations For versions prior to V01.401.101, update the firmware to version V01.401.101 or later to resolve the issue. As a temporary workaround, consider restricting access to the GOOSE protocol to minimize the risk of exploitation. Avoid sending specially crafted packets to the device over the network until the issue is resolved.