PT-2022-3530 · Schneider Electric · EcoStruxure Cybersecurity Admin Expert

Published: 2022-06-14 · Updated: 2023-04-03 · CVE-2022-32747

CVSS v2.0: 8.3 (High)
Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: EcoStruxure Cybersecurity Admin Expert (CAE) versions prior to 2.2

Description: A vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. This issue is related to authentication bypass by spoofing, which could be exploited by an attacker to conduct spoofing attacks.

Recommendations: For versions prior to 2.2, update to version 2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the local network to minimize the risk of exploitation. Additionally, monitor user activity and account creation to detect potential backdoor accounts.

Fix

Weakness Enumeration: Authentication Bypass by Spoofing

Related Identifiers

BDU:2022-04313
CVE-2022-32747

Affected Products

EcoStruxure Cybersecurity Admin Expert