CVE-2022-22725

HIGH

Easergy P3 Firmware < 30.205 - Buffer Overflow via Network Packet Processing

Title source: llm
STIX 2.1

Description

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functions and tripping function via GOOSE can be impacted. Affected Product: Easergy P3 (All versions prior to V30.205)

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.0279
EPSS Percentile 84.8%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-120
Status published
Products (1)
schneider-electric/easergy_p3_firmware < 30.205
Published Feb 04, 2022
Tracked Since Feb 18, 2026