CVE-2022-32748

HIGH

EcoStruxure Cybersecurity Admin Expert < 2.4 - Improper Certificate Validation

Title source: llm

Description

A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise other devices in the network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)

References (1)

Core 1

Core References

Patch, Vendor Advisory

https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-08_Cybersecurity_Admin_Expert_Security_Notification.pdf

Scores

CVSS v3 7.9

EPSS 0.0007

EPSS Percentile 22.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-295

Status published

Products (1)

schneider-electric/ecostruxure_cybersecurity_admin_expert < 2.4

Published Jan 30, 2023

Tracked Since Feb 18, 2026