CVE-2022-34758
published 2022-07-13CVE-2022-34758: A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged…
PriorityP425medium4.9CVSS 3.1
AVNACLPRHUINSUCNIHAN
EPSS
0.38%
30.1th percentile
A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged user credentials. Affected Products: Easergy P5 (V01.401.102 and prior)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | easergy_p5_firmware | <= 01.401.102 | — |
| schneider_electric | easergy_p5 | >= Firmware < V01.401.102 | V01.401.102 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rw6g-9gmq-76ff: A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to pr
ghsa_unreviewed·2022-07-14
CVE-2022-34758 [MEDIUM] CWE-20 GHSA-rw6g-9gmq-76ff: A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to pr
A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged user credentials. Affected Products: Easergy P5 (V01.401.102 and prior)
CISA ICS
Schneider Electric Easergy P5 and P3 (Update A)
cisa_ics·2022-02-24·CVSS 7.5
[HIGH] Schneider Electric Easergy P5 and P3 (Update A)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Schneider Electric Easergy P5 and P3 (Update A)
Last RevisedJuly 12, 2022
Alert CodeICSA-22-055-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.8
- ATTENTION: Low attack complexity
- Vendor: Schneider Electric
- Equipment: Easergy P5 and P3
--------- Begin Update A Part 1 of 4 ---------
- Vulnerabilities: Use of Hard-Coded Credentials, Classic Buffer Overflow, and Improper Input Validation
--------- End Update A Part 1 of 4 ---------
## 2. UPDATE
This updated advisory is a follow-up to the original advisory titled ICSA-22-055-03 Schneider Electric Easergy P5 and P3 that was publi
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-04_Easergy_P5_Security_Notification.pdfhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-04_Easergy_P5_Security_Notification.pdf
2022-07-13
Published