Authentication Bypass Vulnerability in EcoStruxure™ Cybersecurity Admin Expert by Schneider Electric
CVE-2022-32747

8HIGH

Key Information:

Vendor: Schneider Electric
Status: Ecostruxure™ Cybersecurity Admin Expert (cae)
Vendor: CVE Published:; 30 January 2023

Summary

A vulnerability exists in EcoStruxure™ Cybersecurity Admin Expert that allows an attacker to bypass authentication mechanisms. This could result in unauthorized access, leading to the risk of legitimate users being locked out of their devices. Additionally, it may enable the creation of backdoor accounts by spoofing a device connected to the local network, compromising the security of the overall system.

Affected Version(s)

EcoStruxure™ Cybersecurity Admin Expert (CAE) All < 2.2

References

https://download.schneider-electric.com/files?p_enDocType...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 30, 2023
Vulnerability Reserved
Jun 9, 2022