CVE-2022-22723 — Classic Buffer Overflow in Easergy P5 Firmware

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.1%

top 78.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Easergy P5 Firmware

Timeline

PublishedFeb 4

Latest updateFeb 11

Description

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functions and tripping function via GOOSE can be impacted. Affected Product: Easergy P5 (All firmware versions prior to V01.401.101)

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDschneider-electric/easergy_p5_firmware< 01.401.101

🔴Vulnerability Details

GHSA

GHSA-mm7j-7gq2-x4fr: A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary↗2022-02-11

▶

CVEList

CVE-2022-22723: A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary↗2022-02-04

▶