Vulnerability Description
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active control of the local operational network connected to the product they could potentially observe and manipulate traffic associated with product configuration. Affected Product: Easergy P5 (All firmware versions prior to V01.401.101)
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Easergy P5 Firmware | < 01.401.101 |
| Schneider-Electric | Easergy P5 | - |
Related Weaknesses (CWE)
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-03Vendor Advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-03Vendor Advisory
FAQ
What is CVE-2022-22722?
CVE-2022-22722 is a vulnerability with a CVSS score of 7.5 (HIGH). A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active contro...
How severe is CVE-2022-22722?
CVE-2022-22722 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-22722?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Easergy P5 Firmware, Schneider-Electric Easergy P5.