ID

VAR-202305-2074


CVE

CVE-2022-46680


TITLE

Schneider Electric  Made  PowerLogic  Vulnerability of Plain Text Transmission of Sensitive Information in

Trust: 0.8

sources: JVNDB: JVNDB-2023-002903

DESCRIPTION

A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network traffic. Schneider Electric Provided by the company PowerLogic The product contains the following vulnerabilities: * Plain text transmission of important information (CWE-319) - CVE-2022-46680If the vulnerability is exploited, it may be affected as follows. It was * Sensitive information may be stolen by a remote third party, or service may be disrupted ( DoS ) or have data tampered with

Trust: 1.71

sources: NVD: CVE-2022-46680 // JVNDB: JVNDB-2023-002903 // VULMON: CVE-2022-46680

AFFECTED PRODUCTS

vendor:schneider electricmodel:powerlogic ion8800scope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:powerlogic ion8650scope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:powerlogic ion9000scope:ltversion:4.0.0

Trust: 1.0

vendor:schneider electricmodel:powerlogic pm8000scope:ltversion:4.0.0

Trust: 1.0

vendor:schneider electricmodel:powerlogic ion7400scope:ltversion:4.0.0

Trust: 1.0

vendor:schneider electricmodel:legacy ionscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:powerlogic ion7400scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:powerlogic ion9000scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:powerlogic pm8000scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:powerlogic ion8800scope: - version: -

Trust: 0.8

vendor:schneider electricmodel:powerlogic ion8650scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-002903 // NVD: CVE-2022-46680

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-46680
value: CRITICAL

Trust: 1.0

cybersecurity@se.com: CVE-2022-46680
value: HIGH

Trust: 1.0

NVD: CVE-2022-46680
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202305-1969
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-46680
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cybersecurity@se.com: CVE-2022-46680
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-46680
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-002903 // CNNVD: CNNVD-202305-1969 // NVD: CVE-2022-46680 // NVD: CVE-2022-46680

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.0

problemtype:Sending important information in clear text (CWE-319) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-002903 // NVD: CVE-2022-46680

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202305-1969

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202305-1969

PATCH

title:Schneider Electric Security Notification PowerLogic ION7400 / PM8000 / ION9000 Power Meters (( PDF )url:https://www.se.com/us/en/download/document/7EN52-0390/

Trust: 0.8

title:Schneider Electric PowerLogic Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=239320

Trust: 0.6

sources: JVNDB: JVNDB-2023-002903 // CNNVD: CNNVD-202305-1969

EXTERNAL IDS

db:NVDid:CVE-2022-46680

Trust: 3.3

db:SCHNEIDERid:SEVD-2023-129-03

Trust: 1.7

db:ICS CERTid:ICSA-23-229-03

Trust: 0.8

db:JVNid:JVNVU93627577

Trust: 0.8

db:JVNDBid:JVNDB-2023-002903

Trust: 0.8

db:CNNVDid:CNNVD-202305-1969

Trust: 0.6

db:VULMONid:CVE-2022-46680

Trust: 0.1

sources: VULMON: CVE-2022-46680 // JVNDB: JVNDB-2023-002903 // CNNVD: CNNVD-202305-1969 // NVD: CVE-2022-46680

REFERENCES

url:https://download.schneider-electric.com/files?p_doc_ref=sevd-2023-129-03&p_endoctype=security+and+safety+notice&p_file_name=sevd-2023-129-03.pdf

Trust: 1.7

url:http://jvn.jp/vu/jvnvu93627577/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-46680

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-229-03

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-46680/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/319.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-46680 // JVNDB: JVNDB-2023-002903 // CNNVD: CNNVD-202305-1969 // NVD: CVE-2022-46680

SOURCES

db:VULMONid:CVE-2022-46680
db:JVNDBid:JVNDB-2023-002903
db:CNNVDid:CNNVD-202305-1969
db:NVDid:CVE-2022-46680

LAST UPDATE DATE

2024-08-14T14:24:04.289000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2022-46680date:2023-05-22T00:00:00
db:JVNDBid:JVNDB-2023-002903date:2024-05-29T08:48:00
db:CNNVDid:CNNVD-202305-1969date:2023-05-29T00:00:00
db:NVDid:CVE-2022-46680date:2023-05-27T00:54:48.257

SOURCES RELEASE DATE

db:VULMONid:CVE-2022-46680date:2023-05-22T00:00:00
db:JVNDBid:JVNDB-2023-002903date:2023-08-21T00:00:00
db:CNNVDid:CNNVD-202305-1969date:2023-05-22T00:00:00
db:NVDid:CVE-2022-46680date:2023-05-22T14:15:09.433