Improper Verification of Cryptographic Signature in EcoStruxure Operator Terminal Expert and Pro-face BLUE
CVE-2022-41666

7HIGH

Key Information:

Vendor: Schneider Electric
Status: Ecostruxure Operator Terminal Expert; Pro-face Blue
Vendor: CVE Published:; 4 November 2022

Summary

A vulnerability exists in Schneider Electric's EcoStruxure Operator Terminal Expert and Pro-face BLUE products due to improper verification of cryptographic signatures. This flaw permits attackers with local user privileges to load a malicious dynamic-link library (DLL), which can lead to unauthorized execution of malicious code. This poses a significant security risk, making it crucial for users to apply the relevant patches and updates to secure their systems.

Affected Version(s)

EcoStruxure Operator Terminal Expert V3.3

Pro-face BLUE V3.3

References

https://www.se.com/ww/en/download/document/SEVD-2022-284-01/

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 4, 2022
Vulnerability Reserved
Sep 27, 2022