CVE-2022-34754

MEDIUM

Acti9 PowerTag Link C (A9XELC10-A) < 1.7.5 & (A9XELC10-B) < 2.12.0 - Unauthenticated Privilege Escalation

Title source: llm

Description

A CWE-269: Improper Privilege Management vulnerability exists that could allow elevated functionality when guessing credentials. Affected Products: Acti9 PowerTag Link C (A9XELC10-A) (V1.7.5 and prior), Acti9 PowerTag Link C (A9XELC10-B) (V2.12.0 and prior)

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-03_Acti9_PowerTag_Link_C_Security_Notification.pdf

Scores

CVSS v3 6.8

EPSS 0.0009

EPSS Percentile 24.8%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-269

Status published

Products (2)

schneider-electric/acti9_powertag_link_c_\(a9xelc10-a\)_firmware < 1.7.5

schneider-electric/acti9_powertag_link_c_\(a9xelc10-b\)_firmware < 2.12.0

Published Jul 13, 2022

Tracked Since Feb 18, 2026