Improper Authentication Vulnerability in C-Bus Network Automation Controllers by Schneider Electric
CVE-2022-32514

9.8CRITICAL

Key Information:

Vendor: Schneider Electric
Status: C-bus Network Automation Controller, Lss5500nac; Wiser For C-bus Automation Controller, Lss5500shac; Clipsal C-bus Network Automation Controller, 5500nac; Clipsal Wiser For C-bus Automation Controller, 5500shac
Vendor: CVE Published:; 30 January 2023

Summary

An improper authentication vulnerability exists in several C-Bus Network Automation Controller products from Schneider Electric. This vulnerability can potentially allow unauthorized access to the device, enabling attackers to manipulate or control system functions through the web interface. Affected models, including various versions of the LSS5500NAC, LSS5500SHAC, and others, require updates to mitigate the risk. Users are urged to apply the latest software updates to enhance security and protect their automation systems.

Affected Version(s)

C-Bus Network Automation Controller, LSS5500NAC All

Clipsal C-Bus Network Automation Controller, 5500NAC All

Clipsal Wiser for C-Bus Automation Controller, 5500SHAC All

References

https://download.schneider-electric.com/files?p_enDocType...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 30, 2023
Vulnerability Reserved
Jun 7, 2022