VDB
SEVD-2022-130-01
SEVD-2022-130-01
PUBLISHED
CVSS 8 HIGH
Schneider Electric is aware of a vulnerability in its PowerLogic ION Setup product. The PowerLogic ION Setup product is an engineering tool for configuration and maintenance of PowerLogic metering devices. Failure to apply the remediations provided below may risk remote code execution, which could result in a compromise of the engineering workstation running the ION Setup software.
Risk Scores
CVSS v3.1
8
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric PowerLogic ION Setup versions prior to 3.2.22096.01 | ||
| Schneider Electric PowerLogic ION Setup 3.2.22096.01 |
Timeline
- May 10, 2022 CVE Published
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-130-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2022-130-01.json advisory
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-130-01_PowerLogic_ION_Setup_Security_Notification.pdf advisory
- https://www.se.com/us/en/download/document/7EN52-0390/ url
- https://www.se.com/ww/en/download/document/ION_Setup_Latest_Release/ fix