SEVD-2022-165-08 — Vulnetix

SEVD-2022-165-08 PUBLISHED CVSS 8 HIGH

Schneider Electric is aware of multiple vulnerabilities in its EcoStruxure™ Cybersecurity Admin Expert product. The EcoStruxure™ Cybersecurity Admin Expert product (CAE) is a solution for managing cybersecurity in an electrical network’s operational technology (OT). Failure to apply the remediation provided below may risk man-in-the-middle and/or device spoofing attacks, which could result in the total compromise of devices configured by the CAE.

Risk Scores

CVSS v3.1

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
	Schneider Electric EcoStruxure™ Cybersecurity Admin Expert (CAE) <=2.2
	Schneider Electric EcoStruxure™ Cybersecurity Admin Expert (CAE) 2.4

Timeline

Jun 14, 2022 CVE Published

References

https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2022-165-08.json advisory
https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-08_Cybersecurity_Admin_Expert_Security_Notification.pdf advisory
https://www.se.com/us/en/download/document/7EN52-0390/ advisory
https://www.se.com/ww/en/product-range/63515-ecostruxure-cybersecurity-admin-expert/#software-and-firmware fix

Open in Interactive Console →