CVE-2022-46680 — Cleartext Transmission of Sensitive Info in Powerlogic Ion7400 Firmware

CWE-319 — Cleartext Transmission of Sensitive Info3 documents3 sources

Severity

9.8CRITICALNVD

CNA8.8

EPSS

0.1%

top 66.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Powerlogic Ion7400 Firmware Schneider-electric Powerlogic Ion9000 Firmware Schneider-electric Powerlogic Pm8000 Firmware +6 more

Timeline

PublishedMay 22

Description

A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network traffic.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages9 packages

▶NVDschneider-electric/powerlogic_pm8000_firmware< 4.0.0

▶NVDschneider-electric/powerlogic_ion7400_firmware< 4.0.0

▶NVDschneider-electric/powerlogic_ion9000_firmware< 4.0.0

▶CVEListV5schneider_electric/powerlogic_pm8000Prior to 4.0.0

▶CVEListV5schneider_electric/powerlogic_ion7400Prior to 4.0.0

🔴Vulnerability Details

CVEList

CVE-2022-46680: A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of servic↗2023-05-22

▶

GHSA

GHSA-fhxw-qvv7-c595: A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of servic↗2023-05-22

▶