PT-2022-3475 · Schneider Electric · EcoStruxure Cybersecurity Admin Expert

Published: 2022-06-14 · Updated: 2023-04-03 · CVE-2022-32748

CVSS v3.1: 8.3 (High)

Vector: AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

EcoStruxure Cybersecurity Admin Expert (CAE) versions prior to 2.2

Description

The issue is related to improper certificate validation, which could allow a remote attacker to conduct man-in-the-middle attacks and disclose protected information. This could cause the software to provide incorrect data to end users and potentially leak credentials, enabling an attacker to log into the configuration tool and compromise other devices in the network.

Recommendations

For versions prior to 2.2, update to version 2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the configuration tool to minimize the risk of exploitation. Additionally, ensure that all devices in the network are configured to use secure communication protocols to prevent eavesdropping and tampering.

Fix

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

BDU:2022-04254
CVE-2022-32748

Affected Products

EcoStruxure Cybersecurity Admin Expert