Vulnerability Description
A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise other devices in the network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Ecostruxure Cybersecurity Admin Expert | < 2.4 |
Related Weaknesses (CWE)
References
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+NoPatchVendor Advisory
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+NoPatchVendor Advisory
FAQ
What is CVE-2022-32748?
CVE-2022-32748 is a vulnerability with a CVSS score of 7.9 (HIGH). A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could l...
How severe is CVE-2022-32748?
CVE-2022-32748 has been rated HIGH with a CVSS base score of 7.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-32748?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Ecostruxure Cybersecurity Admin Expert.