PT-2022-3622 · Schneider Electric · Easergy P5+1
Published
2022-07-12
·
Updated
2022-07-27
·
CVE-2022-34757
CVSS v3.1
6.7
Medium
| Vector | AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Easergy P5 versions V01.401.102 and prior
Description
The issue is related to the use of defective cryptographic algorithms, which may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. Specifically, a vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, potentially allowing an attacker to observe protected communication details.
Recommendations
For Easergy P5 versions V01.401.102 and prior, update the software to a version that uses secure cryptographic algorithms for SSH connections. As a temporary workaround, consider restricting the use of weak cipher suites for the SSH connection between Easergy Pro software and the device until a patch is available.
Fix
Use of a Broken Cryptographic Algorithm
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Easergy P5
Easergy Pro