CVE-2022-32748
Last modified
CVE-2022-32748 is a high-severity vulnerability rated 8.3/10 on the CVSS scale. A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise other devices in the network. EPSS estimates a 0.14% chance of exploitation in the next 30 days.
Description
A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise other devices in the network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)
Metrics
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Ecostruxure Cybersecurity Admin Expert | < 2.4 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-32748?
How severe is CVE-2022-32748?
How do I fix CVE-2022-32748?
Are you affected by CVE-2022-32748?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST