1. Home
  2. CVE Database
  3. CVE-2022-22813
CRITICAL · 9.8

CVE-2022-22813

A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the TLS cryptographic key and take active control of the Courier tunneling communication network, they coul...

Vulnerability Description

A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the TLS cryptographic key and take active control of the Courier tunneling communication network, they could potentially observe and manipulate traffic associated with product configuration.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
Schneider-ElectricEasergy P141 Firmware-
Schneider-ElectricEasergy P141-
Schneider-ElectricEasergy P142 Firmware-
Schneider-ElectricEasergy P142-
Schneider-ElectricEasergy P143 Firmware-
Schneider-ElectricEasergy P143-
Schneider-ElectricEasergy P145 Firmware-
Schneider-ElectricEasergy P145-
Schneider-ElectricEasergy P241 Firmware-
Schneider-ElectricEasergy P241-
Schneider-ElectricEasergy P242 Firmware-
Schneider-ElectricEasergy P242-
Schneider-ElectricEasergy P243 Firmware-
Schneider-ElectricEasergy P243-
Schneider-ElectricEasergy P342 Firmware-
Schneider-ElectricEasergy P342-
Schneider-ElectricEasergy P343 Firmware-
Schneider-ElectricEasergy P343-
Schneider-ElectricEasergy P344 Firmware-
Schneider-ElectricEasergy P344-

Related Weaknesses (CWE)

CWE-798

References

FAQ

What is CVE-2022-22813?

CVE-2022-22813 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the TLS cryptographic key and take active control of the Courier tunneling communication network, they coul...

How severe is CVE-2022-22813?

CVE-2022-22813 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-22813?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Easergy P141 Firmware, Schneider-Electric Easergy P141, Schneider-Electric Easergy P142 Firmware, Schneider-Electric Easergy P142, Schneider-Electric Easergy P143 Firmware.