CVE-2022-32748 HIGH

Vendor Schneider Electric
Product EcoStruxure™ Cybersecurity Admin Expert (CAE)
Weakness CWE-295
Published January 30, 2023
Last update February 5, 2025

CVSS base score

7.9/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak, which would enable an attacker to log into the configuration tool and compromise other devices in the network.

Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)

Key dates

02 Disclosure timeline

January 30, 2023 CVE published
February 5, 2025 Record updated