EUVD-2022-35814

Malicious code in bioql PyPI...

CVE-2022-32747

A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert CAE Versions prior to 2.2...

Spoofing

A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert CAE Versions prior to 2.2...

CVE-2022-32748

A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise...

CVE-2022-32747

A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert CAE Versions prior to 2.2...

Schneider Electric EcoStruxure Cybersecurity Admin Expert 安全漏洞

Schneider Electric EcoStruxure Cybersecurity Admin Expert Schneider Electric EcoStruxure CAE is a cybersecurity administration expert from Schneider Electric, France. A security vulnerability exists in versions of Schneider Electric EcoStruxure Cybersecurity Admin Expert prior to 2.2, which stems...

CVE-2022-32747

CVE-2022-32747 affects Schneider Electric’s EcoStruxure Cybersecurity Admin Expert (CAE) prior to 2.2. The issue is a CWE-290 authentication bypass by spoofing a device on the local network, which could cause legitimate users to be locked out or enable backdoor account creation. Root cause: spoof...

CVE-2022-32748

A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise...

The vulnerability of Schneider Electric’s EcoStruxure Cybersecurity Admin Expert (CAE) software relates to errors in verifying certificate authenticity. This allows attackers to carry out “man-in-the-middle” attacks and expose the protected information.

The vulnerability of Schneider Electric’s Security Management Software, EcoStruxure Cybersecurity Admin Expert CAE, is related to errors in verifying the authenticity of certificates. Exploiting this vulnerability can allow attackers to carry out “man-in-the-middle” attacks and expose the protect...