CVE-2022-46680 HIGH

CVE-2022-46680

Vendor Schneider Electric

Product PowerLogic ION9000

Weakness CWE-319 · Cleartext transmission

Published May 22, 2023

Last update January 21, 2025

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network traffic.

Key dates

02Disclosure timeline

May 22, 2023 CVE published

January 21, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-46680 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/319.html

Related vulnerabilities

Identifiers

CVE CVE-2022-46680

CWE CWE-319

CVSS 8.8 / HIGH

Affected versions

Vendor Schneider Electric

Product PowerLogic ION9000

Affected Prior to 4.0.0

Vendor Schneider Electric

Product PowerLogic ION7400

Affected Prior to 4.0.0

Vendor Schneider Electric

Product PowerLogic PM8000

Affected Prior to 4.0.0

Vendor Schneider Electric

Product PowerLogic ION8650

Affected All Versions

Vendor Schneider Electric

Product PowerLogic ION8800

Affected All Versions

Vendor Schneider Electric

Product Legacy ION products

Affected All Versions

CVE-2022-46680

01Description

02Disclosure timeline

03References

04Related CVE