1. Home
  2. CVE Database
  3. CVE-2022-34757
MEDIUM · 6.7

CVE-2022-34757

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allo...

Vulnerability Description

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 (V01.401.102 and prior)

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
LOW
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
Schneider-ElectricEasergy P5 Firmware<= 01.401.102
Schneider-ElectricEasergy P5-

Related Weaknesses (CWE)

CWE-327

References

FAQ

What is CVE-2022-34757?

CVE-2022-34757 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allo...

How severe is CVE-2022-34757?

CVE-2022-34757 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-34757?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Easergy P5 Firmware, Schneider-Electric Easergy P5.