Improper Certificate Validation in EcoStruxure Cybersecurity Admin Expert by Schneider Electric
CVE-2022-32748

7.9HIGH

Key Information:

Vendor

Schneider Electric
Status
Ecostruxure™ Cybersecurity Admin Expert (cae)
Vendor
CVE Published:
30 January 2023

What is CVE-2022-32748?

An improper certificate validation vulnerability exists in Schneider Electric's EcoStruxure Cybersecurity Admin Expert (CAE), which can lead to incorrect data being presented to users during device configuration. Additionally, this flaw may cause sensitive credentials to leak, potentially allowing attackers to access the configuration tool and compromise additional devices within the network. This vulnerability highlights the necessity for reliable certificate verification processes to safeguard both user data and device integrity.

Affected Version(s)

EcoStruxure™ Cybersecurity Admin Expert (CAE) All < 2.2

References

https://download.schneider-electric.com/files?p_enDocType...

CVSS V3.1

Score:
7.9
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.