Weak Cryptographic Algorithms Vulnerability in Schneider Electric Easergy Pro Software
CVE-2022-34757

6.7MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Easergy P5
Vendor: CVE Published:; 13 July 2022

Summary

A vulnerability exists in Schneider Electric's Easergy Pro software, where the use of weak cipher suites for SSH connections compromises the security of communications. This flaw allows attackers to potentially observe sensitive information exchanged during the connection, highlighting the critical need for robust cryptographic practices to protect digital communications.

Affected Version(s)

Easergy P5 Firmware

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

x_refsource_MISC

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 13, 2022
Vulnerability Reserved
Jun 28, 2022