VDB
CVE-2022-32748
CVE-2022-32748
PUBLISHED
CVSS 7.900000095367432 HIGH
A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise other devices in the network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)
EPSS 0.07% · 22.2th percentile
Risk Scores
CVSS 3.1
7.900000095367432
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score
0.07%
22.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| schneider-electric | ecostruxure_cybersecurity_admin_expert | 0 |
| Schneider Electric | EcoStruxure™ Cybersecurity Admin Expert (CAE) | All |
Exploit Intelligence
Timeline
- Jun 15, 2022 CVE Published
- Aug 19, 2022 CVE Updated
- Jan 31, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 12, 2023 EPSS Score
- Apr 21, 2023 EPSS Score
- Jun 1, 2023 EPSS Score
- Jul 11, 2023 EPSS Score
- Aug 20, 2023 EPSS Score
- Sep 29, 2023 EPSS Score
- Nov 8, 2023 EPSS Score
- Dec 18, 2023 EPSS Score
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-067-02_APC-Smart-UPS_Security_Notification_V6.0.pdf advisory
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-07_CanBRASS_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-06_C-Bus_Home_Automation_Products_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-067-01_EcoStruxure_Control_Expert_and_EcoStruxure_Process_Expert_Security_Notification_V2.0.pdf advisory
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-02_Geo_SCADA_Android_App_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-08_Cybersecurity_Admin_Expert_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-012-02_EcoStruxure_Power_Build_Rapsody_Security_Notification_V2.0.pdf advisory
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-04_%20StruxureWare_Data_Center_Expert_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-05_EcoStruxure_Power_Commission_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V8.0.pdf advisory
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-03_ConextCombox_Security_Notification.pdf advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-32748 advisory