Vulnerability Details CVE-2022-34756
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI. Affected Products: Easergy P5 (V01.401.102 and prior)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.3%
CVSS Severity
CVSS v3 Score 8.8
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-04_Easergy_P5_Security_Notification.pdf
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-04_Easergy_P5_Security_Notification.pdf
Products affected by CVE-2022-34756
-
cpe:2.3:h:schneider-electric:easergy_p5:-
-
cpe:2.3:o:schneider-electric:easergy_p5_firmware:01.401.101
-
cpe:2.3:o:schneider-electric:easergy_p5_firmware:01.401.102