CVE-2022-34757 MEDIUM

CVE-2022-34757

Vendor Schneider Electric
Product Easergy P5
Weakness CWE-327 · Broken crypto
Published July 13, 2022
Last update September 16, 2024

CVSS base score

6.7/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H

What the vulnerability does

01Description

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 (V01.401.102 and prior)

Key dates

02Disclosure timeline

July 13, 2022 CVE published
September 16, 2024 Record updated