Описание
A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise other devices in the network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
EPSS
7.9 High
CVSS3
8.3 High
CVSS3
Дефекты
Связанные уязвимости
A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise other devices in the network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)
Уязвимость программного средства администрирования безопасности Schneider Electric EcoStruxure Cybersecurity Admin Expert (CAE), связанная с ошибками подтверждения подлинности сертификата, позволяющая нарушителю провести атаки типа «человек посередине» и раскрыть защищаемую информацию
EPSS
7.9 High
CVSS3
8.3 High
CVSS3