Sign-up

ID

VAR-202201-0617


CVE

CVE-2022-22723


TITLE

Easergy P5  Buffer Overflow Vulnerability in Linux

Trust: 0.8

sources: JVNDB: JVNDB-2022-001378

DESCRIPTION

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functions and tripping function via GOOSE can be impacted. Affected Product: Easergy P5 (All firmware versions prior to V01.401.101). Easergy P5 Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Schneider Electric Easergy P5 is a protection relay from Schneider Electric, France, for demanding medium voltage applications. A buffer overflow vulnerability exists in Schneider Electric Easergy P5, which exists due to a boundary error when handling untrusted input. An attacker could exploit this vulnerability to execute arbitrary code on the system

Trust: 2.25

sources: NVD: CVE-2022-22723 // JVNDB: JVNDB-2022-001378 // CNVD: CNVD-2022-70104 // VULMON: CVE-2022-22723

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-70104

AFFECTED PRODUCTS

vendor:schneider electricmodel:easergy p5scope:ltversion:01.401.101

Trust: 1.0

vendor:schneider electricmodel:easergy p5scope:eqversion: -

Trust: 0.8

vendor:schneider electricmodel:easergy p5scope:eqversion:easergy p5 firmware 01.401.101

Trust: 0.8

vendor:schneidermodel:electric easergy p5scope:ltversion:01.401.101

Trust: 0.6

sources: CNVD: CNVD-2022-70104 // JVNDB: JVNDB-2022-001378 // NVD: CVE-2022-22723

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22723
value: HIGH

Trust: 1.0

NVD: CVE-2022-22723
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-70104
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202201-940
value: HIGH

Trust: 0.6

VULMON: CVE-2022-22723
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-22723
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-70104
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-22723
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-22723
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-70104 // VULMON: CVE-2022-22723 // JVNDB: JVNDB-2022-001378 // CNNVD: CNNVD-202201-940 // NVD: CVE-2022-22723

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-001378 // NVD: CVE-2022-22723

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202201-940

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202201-940

PATCH

title:SEVD-2022-011-03url:https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-03

Trust: 0.8

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-22723 // JVNDB: JVNDB-2022-001378

EXTERNAL IDS

db:NVDid:CVE-2022-22723

Trust: 3.9

db:SCHNEIDERid:SEVD-2022-011-03

Trust: 1.7

db:ICS CERTid:ICSA-22-055-03

Trust: 1.5

db:JVNid:JVNVU95341726

Trust: 0.8

db:JVNDBid:JVNDB-2022-001378

Trust: 0.8

db:CNVDid:CNVD-2022-70104

Trust: 0.6

db:CS-HELPid:SB2022011209

Trust: 0.6

db:AUSCERTid:ESB-2022.0825

Trust: 0.6

db:CNNVDid:CNNVD-202201-940

Trust: 0.6

db:VULMONid:CVE-2022-22723

Trust: 0.1

sources: CNVD: CNVD-2022-70104 // VULMON: CVE-2022-22723 // JVNDB: JVNDB-2022-001378 // CNNVD: CNNVD-202201-940 // NVD: CVE-2022-22723

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2022-22723

Trust: 2.0

url:https://download.schneider-electric.com/files?p_doc_ref=sevd-2022-011-03

Trust: 1.7

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-03

Trust: 0.9

url:http://jvn.jp/vu/jvnvu95341726/index.html

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022011209

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0825

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-055-03

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/120.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: CNVD: CNVD-2022-70104 // VULMON: CVE-2022-22723 // JVNDB: JVNDB-2022-001378 // CNNVD: CNNVD-202201-940 // NVD: CVE-2022-22723

CREDITS

Paul Noalhyt, and Yuanzhe Wu at Red Balloon Security reported these vulnerabilities to CISA.,Timothée Chauvin

Trust: 0.6

sources: CNNVD: CNNVD-202201-940

SOURCES

db:CNVDid:CNVD-2022-70104
db:VULMONid:CVE-2022-22723
db:JVNDBid:JVNDB-2022-001378
db:CNNVDid:CNNVD-202201-940
db:NVDid:CVE-2022-22723

LAST UPDATE DATE

2024-11-23T21:33:12.425000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-70104date:2022-10-20T00:00:00
db:VULMONid:CVE-2022-22723date:2022-02-10T00:00:00
db:JVNDBid:JVNDB-2022-001378date:2022-02-28T08:50:00
db:CNNVDid:CNNVD-202201-940date:2022-02-28T00:00:00
db:NVDid:CVE-2022-22723date:2024-11-21T06:47:19.553

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-70104date:2022-10-21T00:00:00
db:VULMONid:CVE-2022-22723date:2022-02-04T00:00:00
db:JVNDBid:JVNDB-2022-001378date:2022-02-28T00:00:00
db:CNNVDid:CNNVD-202201-940date:2022-01-12T00:00:00
db:NVDid:CVE-2022-22723date:2022-02-04T23:15:13.113