PT-2022-3624 · Schneider Electric · Easergy P5

Published

2022-07-12

Updated

2022-07-27

CVE-2022-34758

CVSS v2.0

5.2

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:C/A:P

Name of the Vulnerable Software and Affected Versions Easergy P5 versions V01.401.102 and prior

Description A vulnerability exists due to improper input validation, which could cause the device watchdog function to be disabled if an attacker has access to privileged user credentials. This issue can be exploited remotely.

Recommendations For Easergy P5 versions V01.401.102 and prior, update to a version later than V01.401.102 to resolve the issue. As a temporary workaround, consider restricting access to privileged user credentials to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2022-04409

CVE-2022-34758

Affected Products

Easergy P5

PT-2022-3624 · Schneider Electric · Easergy P5

CVE-2022-34758

Weakness Enumeration

Related Identifiers

Affected Products

References · 7