CVE-2022-2988

low-risk
Published 2023-01-30

A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC (Versions prior to V2.1.0), EcoStruxure Machine Expert – HVAC (Versions prior to V1.4.0)

Do I need to act?

-
0.32% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.3/10 Medium
NETWORK / LOW complexity

Affected Products (2)

Ecostruxure Machine Expert - Hvac
Somachine Hvac

Affected Vendors

Schneider-Electric

References (2)

Release Notes https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-01&p_enDoc...
Release Notes https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-01&p_enDoc...
26
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 7/34 · Low