CVE-2022-34754 MEDIUM

CVE-2022-34754

Vendor Schneider Electric

Product Acti9 PowerTag Link C

Weakness CWE-269

Published July 13, 2022

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

6.8/10

Attack vector Physical

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A CWE-269: Improper Privilege Management vulnerability exists that could allow elevated functionality when guessing credentials. Affected Products: Acti9 PowerTag Link C (A9XELC10-A) (V1.7.5 and prior), Acti9 PowerTag Link C (A9XELC10-B) (V2.12.0 and prior)

Key dates

02Disclosure timeline

July 13, 2022 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-34754 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/269.html

Related vulnerabilities

Identifiers

CVE CVE-2022-34754

CWE CWE-269

CVSS 6.8 / MEDIUM

Affected versions

Vendor Schneider Electric

Product Acti9 PowerTag Link C

Affected ≥ A9XELC10-A and < V1.7.5

Vendor Schneider Electric

Product Acti9 PowerTag Link C

Affected ≥ A9XELC10-B and < V2.12.0

CVE-2022-34754

01Description

02Disclosure timeline

03References

04Related CVE