CVE-2022-34757

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 (V01.401.102 and prior)

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-04_Easergy_P5_Security_Notification.pdf	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:schneider-electric:easergy_p5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:easergy_p5:-:*:*:*:*:*:*:*

History

27 Jul 2022, 23:27

Type	Values Removed	Values Added
References	~~(CONFIRM) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-04_Easergy_P5_Security_Notification.pdf -~~	(CONFIRM) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-04_Easergy_P5_Security_Notification.pdf - Patch, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
First Time		Schneider-electric easergy P5 Firmware Schneider-electric Schneider-electric easergy P5
CPE		cpe:2.3:h:schneider-electric:easergy_p5:-:::::::* cpe:2.3:o:schneider-electric:easergy_p5_firmware::::::::

13 Jul 2022, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-07-13 21:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-34757

Mitre link : CVE-2022-34757

CVE.ORG link : CVE-2022-34757

JSON object : View

Products Affected

schneider-electric

easergy_p5_firmware
easergy_p5

CWE

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

{"id": "CVE-2022-34757", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cybersecurity@se.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 5.5, "exploitabilityScore": 1.2}]}, "published": "2022-07-13T21:15:08.340", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-04_Easergy_P5_Security_Notification.pdf", "tags": ["Patch", "Vendor Advisory"], "source": "cybersecurity@se.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 (V01.401.102 and prior)"}, {"lang": "es", "value": "Una CWE-327: Se presenta una vulnerabilidad de Uso de un Algoritmo Criptogr\u00e1fico Roto o Arriesgado en la que pueden usarse suites de cifrado d\u00e9biles para la conexi\u00f3n SSH entre el software Easergy Pro y el dispositivo, lo que puede permitir a un atacante observar los detalles de la comunicaci\u00f3n protegida. Productos afectados: Easergy P5 (versiones V01.401.102 y anteriores)"}], "lastModified": "2022-07-27T23:27:09.667", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:easergy_p5_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0F3DF5F-6358-433F-AD79-10080959DA0F", "versionEndIncluding": "01.401.102"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:easergy_p5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D642DB0E-55FF-430D-BD45-D305B13A5045"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@se.com"}