CVE-2022-34757

MEDIUM

Easergy P5 Firmware < 01.401.102 - Use of a Broken or Risky Cryptographic Algorithm in SSH Connection

Title source: llm

Description

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 (V01.401.102 and prior)

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-04_Easergy_P5_Security_Notification.pdf

Scores

CVSS v3 6.7

EPSS 0.0017

EPSS Percentile 38.4%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H

Details

CWE

CWE-327

Status published

Products (1)

schneider-electric/easergy_p5_firmware < 01.401.102

Published Jul 13, 2022

Tracked Since Feb 18, 2026