CVE-2022-34757 - OpenCVE

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 (V01.401.102 and prior)

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Schneider-electric	Easergy P5 Easergy P5 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:easergy_p5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:easergy_p5:-:*:*:*:*:*:*:*

References

Link	Resource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-04_Easergy_P5_Security_Notification.pdf	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: schneider

Published: 2022-07-12T00:00:00

Updated: 2022-07-13T21:10:36

Reserved: 2022-06-28T00:00:00

Link: CVE-2022-34757

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-07-13T21:15:08.340

Modified: 2022-07-27T23:27:09.667

Link: CVE-2022-34757

JSON object: View

Redhat Information

No data.

CWE

CWE-327

{"containers": {"cna": {"affected": [{"product": "Easergy P5", "vendor": "Schneider Electric", "versions": [{"lessThan": "V01.401.102 ", "status": "affected", "version": "Firmware", "versionType": "custom"}]}], "datePublic": "2022-07-12T00:00:00", "descriptions": [{"lang": "en", "value": "A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 (V01.401.102 and prior)"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-327", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-13T21:10:36", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-04_Easergy_P5_Security_Notification.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "DATE_PUBLIC": "2022-07-12T11:00:00.000Z", "ID": "CVE-2022-34757", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Easergy P5", "version": {"version_data": [{"version_affected": "<", "version_name": "Firmware", "version_value": "V01.401.102 "}]}}]}, "vendor_name": "Schneider Electric"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 (V01.401.102 and prior)"}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm"}]}]}, "references": {"reference_data": [{"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-04_Easergy_P5_Security_Notification.pdf", "refsource": "MISC", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-04_Easergy_P5_Security_Notification.pdf"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2022-34757", "datePublished": "2022-07-12T00:00:00", "dateReserved": "2022-06-28T00:00:00", "dateUpdated": "2022-07-13T21:10:36", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:easergy_p5_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0F3DF5F-6358-433F-AD79-10080959DA0F", "versionEndIncluding": "01.401.102", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:easergy_p5:-:*:*:*:*:*:*:*", "matchCriteriaId": "D642DB0E-55FF-430D-BD45-D305B13A5045", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 (V01.401.102 and prior)"}, {"lang": "es", "value": "Una CWE-327: Se presenta una vulnerabilidad de Uso de un Algoritmo Criptogr\u00e1fico Roto o Arriesgado en la que pueden usarse suites de cifrado d\u00e9biles para la conexi\u00f3n SSH entre el software Easergy Pro y el dispositivo, lo que puede permitir a un atacante observar los detalles de la comunicaci\u00f3n protegida. Productos afectados: Easergy P5 (versiones V01.401.102 y anteriores)"}], "id": "CVE-2022-34757", "lastModified": "2022-07-27T23:27:09.667", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.5, "source": "cybersecurity@se.com", "type": "Secondary"}]}, "published": "2022-07-13T21:15:08.340", "references": [{"source": "cybersecurity@se.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-04_Easergy_P5_Security_Notification.pdf"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "cybersecurity@se.com", "type": "Primary"}]}