CVE-2022-34758 — Improper Input Validation in Electric Easergy P5

CWE-20 — Improper Input Validation3 documents3 sources

Severity

4.9MEDIUMNVD

CNA5.1

EPSS

0.3%

top 46.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider Electric Easergy P5 Schneider-electric Easergy P5 Firmware

Timeline

PublishedJul 13

Latest updateJul 14

Description

A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged user credentials. Affected Products: Easergy P5 (V01.401.102 and prior)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5schneider_electric/easergy_p5Firmware — V01.401.102

▶NVDschneider-electric/easergy_p5_firmware01.401.102

Patches

Patch: download.schneider-electric.com ↗Patch: download.schneider-electric.com ↗

🔴Vulnerability Details

GHSA

GHSA-rw6g-9gmq-76ff: A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to pr↗2022-07-14

▶

CVEList

CVE-2022-34758: A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to pr↗2022-07-13

▶