CVE-2022-22722
Published 2022-02-04
CVE-2022-22722: A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic…
Priority: P3 · 43 · high · CVSS 3.1: 7.5
AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.37% (81.7th percentile)
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active control of the local operational network connected to the product they could potentially observe and manipulate traffic associated with product configuration. Affected Product: Easergy P5 (All firmware versions prior to V01.401.101)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | easergy_p5_firmware | < 01.401.101 | 01.401.101 |
| schneider_electric | easergy_p5 | >= unspecified < 01.401.101 | 01.401.101 |
CVSS provenance
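| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 5.4 | MEDIUM | AV:A/AC:M/Au:N/C:P/I:P/A:P |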
CISA ICS
Schneider Electric Easergy P5 and P3 (Update A)
cisa_ics·2022-02-24·CVSS 7.5
[HIGH] Schneider Electric Easergy P5 and P3 (Update A)
ICS Advisory
## Schneider Electric Easergy P5 and P3 (Update A)
Last Revised: July 12, 2022
Alert Code: ICSA-22-055-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.8
- ATTENTION: Low attack complexity
- Vendor: Schneider Electric
- Equipment: Easergy P5 and P3
--------- Begin Update A Part 1 of 4 ---------
- Vulnerabilities: Use of Hard-Coded Credentials, Classic Buffer Overflow, and Improper Input Validation
--------- End Update A Part 1 of 4 ---------
## 2. UPDATE
This updated advisory is a follow-up to the original advisory titled ICSA-22-055-03 Schneider Electric Easergy P5 and P3 that was publi
GHSA
GHSA-fvg3-mg3w-725q: A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure
ghsa_unreviewed·2022-02-11
CVE-2022-22722 [HIGH] CWE-798 GHSA-fvg3-mg3w-725q: A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure
No detection rules found.
No public exploits indexed.