VDB

CVE-2022-32747

CVE-2022-32747 PUBLISHED CVSS 8 HIGH

A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)

EPSS 0.11% · 29.5th percentile

Risk Scores

CVSS 3.1
8
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.11%
29.5th percentile

Affected Products

VendorProductVersions
schneider-electricecostruxure_cybersecurity_admin_expert0
Schneider ElectricEcoStruxure™ Cybersecurity Admin Expert (CAE)*

Exploit Intelligence

Timeline

  • Jun 15, 2022 CVE Published
  • Aug 19, 2022 CVE Updated
  • Jan 31, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 12, 2023 EPSS Score
  • Apr 21, 2023 EPSS Score
  • Jun 1, 2023 EPSS Score
  • Jul 11, 2023 EPSS Score
  • Aug 20, 2023 EPSS Score
  • Sep 29, 2023 EPSS Score
  • Nov 8, 2023 EPSS Score
  • Dec 18, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›