Buffer Overflow Vulnerability in Easergy P5 by Schneider Electric
CVE-2022-22723

8.8HIGH

Key Information:

Vendor: Schneider Electric
Status: Easergy P5 (all Firmware Versions Prior To V01.401.101)
Vendor: CVE Published:; 4 February 2022

Summary

A buffer overflow vulnerability exists in the Easergy P5, impacting firmware versions before V01.401.101. This vulnerability arises from improper handling of input sizes, allowing attackers to send specially crafted packets over the network. As a consequence, this can lead to program crashes or even arbitrary code execution, potentially compromising the integrity of protection and tripping functions conducted via GOOSE protocol. Users are encouraged to update to the latest firmware to mitigate the risks associated with this vulnerability.

Affected Version(s)

Easergy P5 (All firmware prior to V01.401.101) Easergy P5 (All firmware versions prior to V01.401.101)

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 4, 2022
Vulnerability Reserved
Jan 6, 2022