CVE-2022-46680

HIGH

PowerLogic ION9000, ION7400, PM8000, ION8650, ION8800 Firmware < 4.0.0 - Cleartext Transmission of Sensitive Information

Title source: llm

Description

A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network traffic.

References (1)

Core 1

Core References

Vendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-03.pdf

Scores

CVSS v3 8.8

EPSS 0.0014

EPSS Percentile 33.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-319

Status published

Products (5)

schneider-electric/powerlogic_ion7400_firmware < 4.0.0

schneider-electric/powerlogic_ion8650_firmware

schneider-electric/powerlogic_ion8800_firmware

schneider-electric/powerlogic_ion9000_firmware < 4.0.0

schneider-electric/powerlogic_pm8000_firmware < 4.0.0

Published May 22, 2023

Tracked Since Feb 18, 2026