CVE-2022-22813

high-risk
Published 2022-02-09

A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the TLS cryptographic key and take active control of the Courier tunneling communication network, they could potentially observe and manipulate traffic associated with product configuration.

Do I need to act?

0.41% chance of exploitation
EPSS score — low exploit probability

Not on CISA KEV list
No confirmed active exploitation reported to CISA

Patch status unknown
Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (20)

Easergy P141 Firmware
Easergy P142 Firmware
Easergy P143 Firmware
Easergy P145 Firmware
Easergy P241 Firmware
Easergy P242 Firmware
Easergy P243 Firmware
Easergy P342 Firmware
Easergy P343 Firmware
Easergy P344 Firmware
Easergy P345 Firmware
Easergy P441 Firmware
Easergy P442 Firmware
Easergy P443 Firmware
Easergy P444 Firmware
Easergy P445 Firmware
Easergy P446 Firmware
Easergy P541 Firmware
Easergy P542 Firmware
Easergy P543 Firmware

Affected Vendors

57 / 100
high-risk
Severity 32/34 · Critical
Exploitability 2/34 · Minimal
Exposure 23/34 · High