CVE-2022-41669

Published: Nov 4, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

Affected (6)

Products: Schneider Electric: Ecostruxure Operator Terminal Expert, Pro Face Blue

Schneider Electric

2 products

Ecostruxure Operator Terminal Expert

Pro Face Blue

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Ecostruxure Operator Terminal Expert	Before 3.3
Schneider Electric Ecostruxure Operator Terminal Expert	Version 3.3
Schneider Electric Ecostruxure Operator Terminal Expert	Version 3.3 hotfix1
Schneider Electric Pro Face Blue	Before 3.3
Schneider Electric Pro Face Blue	Version 3.3
Schneider Electric Pro Face Blue	Version 3.3 hotfix1

Related CWEs

CWE-347

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (2)

https://www.se.com/ww/en/download/document/SEVD-2022-284-01/

Source: cybersecurity@se.com

PatchVendor Advisory

https://www.se.com/ww/en/download/document/SEVD-2022-284-01/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.