CVE-2022-34754

Published: Jul 13, 2022Modified: Nov 21, 2024

6.8

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

A CWE-269: Improper Privilege Management vulnerability exists that could allow elevated functionality when guessing credentials. Affected Products: Acti9 PowerTag Link C (A9XELC10-A) (V1.7.5 and prior), Acti9 PowerTag Link C (A9XELC10-B) (V2.12.0 and prior)

Affected (2)

Products: Schneider Electric: Acti9 Powertag Link C (a9xelc10 A) Firmware, Acti9 Powertag Link C (a9xelc10 B) Firmware

Schneider Electric

2 products

Acti9 Powertag Link C (a9xelc10 A) Firmware

Acti9 Powertag Link C (a9xelc10 B) Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Acti9 Powertag Link C (a9xelc10 A) Firmware	Up to 1.7.5

Running on/with	Platform Versions
Schneider Electric Acti9 Powertag Link C (a9xelc10 A)	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Acti9 Powertag Link C (a9xelc10 B) Firmware	Up to 2.12.0

Running on/with	Platform Versions
Schneider Electric Acti9 Powertag Link C (a9xelc10 B)	All versions

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-03_Acti9_PowerTag_Link_C_Security_Notification.pdf

Source: cybersecurity@se.com

PatchVendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-03_Acti9_PowerTag_Link_C_Security_Notification.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.