CVE-2022-46680 — HIGH (8.8)

Q: How severe is CVE-2022-46680?

CVE-2022-46680 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-46680?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Powerlogic Ion9000 Firmware, Schneider-Electric Powerlogic Ion9000, Schneider-Electric Powerlogic Ion7400 Firmware, Schneider-Electric Powerlogic Ion7400, Schneider-Electric Powerlogic Pm8000 Firmware.

Vulnerability Description

A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network traffic.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Schneider-Electric	Powerlogic Ion9000 Firmware	< 4.0.0
Schneider-Electric	Powerlogic Ion9000	-
Schneider-Electric	Powerlogic Ion7400 Firmware	< 4.0.0
Schneider-Electric	Powerlogic Ion7400	-
Schneider-Electric	Powerlogic Pm8000 Firmware	< 4.0.0
Schneider-Electric	Powerlogic Pm8000	-
Schneider-Electric	Powerlogic Ion8650 Firmware	-
Schneider-Electric	Powerlogic Ion8650	-
Schneider-Electric	Powerlogic Ion8800 Firmware	-
Schneider-Electric	Powerlogic Ion8800	-

Related Weaknesses (CWE)

CWE-319

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03&p_enDocVendor Advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03&p_enDocVendor Advisory

FAQ

What is CVE-2022-46680?

CVE-2022-46680 is a vulnerability with a CVSS score of 8.8 (HIGH). A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able...

How severe is CVE-2022-46680?

CVE-2022-46680 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-46680?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Powerlogic Ion9000 Firmware, Schneider-Electric Powerlogic Ion9000, Schneider-Electric Powerlogic Ion7400 Firmware, Schneider-Electric Powerlogic Ion7400, Schneider-Electric Powerlogic Pm8000 Firmware.