Lucene search

[email protected]CVE-2022-32518

HistoryJan 30, 2023 - 11:15 p.m.

CVE-2022-32518

2023-01-3023:15:10

CWE-522

[email protected]

web.nvd.nist.gov

cve-2022-32518

cwe-522

data center expert

security vulnerability

network access

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.2%

JSON

A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert (Versions prior to V7.9.0)

Affected configurations

NVD

Node

schneider-electricdata_center_expertRange<7.9.0

CPENameOperatorVersion
schneider-electric:data_center_expertschneider-electric data center expertlt7.9.0

CPE	Name	Operator	Version
schneider-electric:data_center_expert	schneider-electric data center expert	lt	7.9.0

CNA Affected

[
  {
    "vendor": "Schneider Electric",
    "product": "Data Center Expert",
    "versions": [
      {
        "version": "All",
        "status": "affected",
        "lessThan": "V7.9.0",
        "versionType": "custom"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-04_+Data_Center_Expert_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-04

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.2%

JSON

Related for CVE-2022-32518

nvd2 prion2 cve1 cvelist2