CVE-2022-34756 — Classic Buffer Overflow in Electric Easergy P5

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

9.8CRITICALNVD

CNA8.8

EPSS

1.9%

top 16.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider Electric Easergy P5 Schneider-electric Easergy P5 Firmware

Timeline

PublishedJul 13

Latest updateJul 14

Description

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI. Affected Products: Easergy P5 (V01.401.102 and prior)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5schneider_electric/easergy_p5Firmware — V01.401.102

▶NVDschneider-electric/easergy_p5_firmware01.401.102

Patches

Patch: download.schneider-electric.com ↗Patch: download.schneider-electric.com ↗

🔴Vulnerability Details

GHSA

GHSA-8995-37xw-9hjj: A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack whic↗2022-07-14

▶

CVEList

CVE-2022-34756: A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack whic↗2022-07-13

▶