CVE-2022-34756

HIGH

Schneider-electric Easergy P5 Firmware < 01.401.102 - Buffer Overflow

Title source: rule

Description

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI. Affected Products: Easergy P5 (V01.401.102 and prior)

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-04_Easergy_P5_Security_Notification.pdf

Scores

CVSS v3 8.8

EPSS 0.0187

EPSS Percentile 83.2%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-120

Status published

Products (1)

schneider-electric/easergy_p5_firmware < 01.401.102

Published Jul 13, 2022

Tracked Since Feb 18, 2026