CVE-2022-34757

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 (V01.401.102 and prior)

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 5.5

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-04_Easergy_P5_Security_Notification.pdf	Patch Vendor Advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-04_Easergy_P5_Security_Notification.pdf	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:schneider-electric:easergy_p5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:easergy_p5:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:10

Type	Values Removed	Values Added
References	() https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-04_Easergy_P5_Security_Notification.pdf - Patch, Vendor Advisory	() https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-04_Easergy_P5_Security_Notification.pdf - Patch, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~5.3~~	v2 : unknown v3 : 6.7

Information

Published : 2022-07-13 21:15

Updated : 2024-11-21 07:10

NVD link : CVE-2022-34757

Mitre link : CVE-2022-34757

CVE.ORG link : CVE-2022-34757

JSON object : View

Products Affected

schneider-electric

easergy_p5
easergy_p5_firmware

CWE

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

{"id": "CVE-2022-34757", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cybersecurity@se.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 5.5, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-07-13T21:15:08.340", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-04_Easergy_P5_Security_Notification.pdf", "tags": ["Patch", "Vendor Advisory"], "source": "cybersecurity@se.com"}, {"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-04_Easergy_P5_Security_Notification.pdf", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 (V01.401.102 and prior)"}, {"lang": "es", "value": "Una CWE-327: Se presenta una vulnerabilidad de Uso de un Algoritmo Criptogr\u00e1fico Roto o Arriesgado en la que pueden usarse suites de cifrado d\u00e9biles para la conexi\u00f3n SSH entre el software Easergy Pro y el dispositivo, lo que puede permitir a un atacante observar los detalles de la comunicaci\u00f3n protegida. Productos afectados: Easergy P5 (versiones V01.401.102 y anteriores)"}], "lastModified": "2024-11-21T07:10:07.670", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:easergy_p5_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0F3DF5F-6358-433F-AD79-10080959DA0F", "versionEndIncluding": "01.401.102"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:easergy_p5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D642DB0E-55FF-430D-BD45-D305B13A5045"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@se.com"}