Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-22723

Summary
Assigner-schneider
Assigner Org ID-076d1eb6-cfab-4401-b34d-6dfc2a413bdb
Published At-04 Feb, 2022 | 22:29
Updated At-03 Aug, 2024 | 03:21
Rejected At-
Credits

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functions and tripping function via GOOSE can be impacted. Affected Product: Easergy P5 (All firmware versions prior to V01.401.101)

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:schneider
Assigner Org ID:076d1eb6-cfab-4401-b34d-6dfc2a413bdb
Published At:04 Feb, 2022 | 22:29
Updated At:03 Aug, 2024 | 03:21
Rejected At:
▼CVE Numbering Authority (CNA)

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functions and tripping function via GOOSE can be impacted. Affected Product: Easergy P5 (All firmware versions prior to V01.401.101)

Affected Products
Vendor
n/a
Product
Easergy P5 (All firmware versions prior to V01.401.101)
Versions
Affected
  • Easergy P5 (All firmware versions prior to V01.401.101)
Problem Types
TypeCWE IDDescription
CWECWE-120CWE-120: Buffer Copy without Checking Size of Input
Type: CWE
CWE ID: CWE-120
Description: CWE-120: Buffer Copy without Checking Size of Input
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-03
x_refsource_MISC
Hyperlink: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-03
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-03
x_refsource_MISC
x_transferred
Hyperlink: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-03
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cybersecurity@se.com
Published At:04 Feb, 2022 | 23:15
Updated At:10 Feb, 2022 | 06:57

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functions and tripping function via GOOSE can be impacted. Affected Product: Easergy P5 (All firmware versions prior to V01.401.101)

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.08.3HIGH
AV:A/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 8.3
Base severity: HIGH
Vector:
AV:A/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Schneider Electric SE
schneider-electric
>>easergy_p5_firmware>>Versions before 01.401.101(exclusive)
cpe:2.3:o:schneider-electric:easergy_p5_firmware:*:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>easergy_p5>>-
cpe:2.3:h:schneider-electric:easergy_p5:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-120Primarycybersecurity@se.com
CWE ID: CWE-120
Type: Primary
Source: cybersecurity@se.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-03cybersecurity@se.com
Vendor Advisory
Hyperlink: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-03
Source: cybersecurity@se.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

106Records found
CVE-2020-11155
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.37%
||
7 Day CHG~0.00%
Published-02 Nov, 2020 | 06:21
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Buffer overflow while processing PDU packet in bluetooth due to lack of check of buffer length before copying into it.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa6155p_firmwaresa515m_firmwaresa415mqcn7605qca6390sa515mqcn7606_firmwaresc8180x_firmwaresa415m_firmwaresdx55apq8053sa8155psa8155p_firmwaresdx55_firmwareqca6390_firmwareapq8009_firmwareqcn7605_firmwareapq8009sa6155papq8053_firmwaresc8180xqcn7606Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-11675
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.26% / 49.05%
||
7 Day CHG~0.00%
Published-29 Apr, 2020 | 13:51
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cerner medico 26.00 has a Local Buffer Overflow (issue 1 of 3).

Action-Not Available
Vendor-cernern/a
Product-medicon/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-11676
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.26% / 49.05%
||
7 Day CHG~0.00%
Published-29 Apr, 2020 | 13:53
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cerner medico 26.00 has a Local Buffer Overflow (issue 2 of 3).

Action-Not Available
Vendor-cernern/a
Product-medicon/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-5753
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-6.3||MEDIUM
EPSS-0.23% / 45.74%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 16:09
Updated-13 Feb, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem

Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c

Action-Not Available
Vendor-Zephyr Project
Product-zephyrZephyr
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2019-20734
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.55% / 67.62%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 19:12
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.40, D8500 before 1.0.3.39, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.22, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6300v2 before 1.0.4.18, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6700v3 before 1.0.2.32, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R6900P before 1.0.0.56, R7000P before 1.0.0.56, R7100LG before 1.0.0.42, R7300DST before 1.0.0.54, R7900 before 1.0.1.26, R8300 before 1.0.2.106, R8500 before 1.0.2.106, WN2500RPv2 before 1.0.1.54, and WNR3500Lv2 before 1.2.0.46. NOTE: this may be a result of an incomplete fix for CVE-2017-18864.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6400_firmwareex3800_firmwareex6200ex7000r6900pr7100lgr7900ex3700r6900p_firmwared6220r8300r7100lg_firmwarer7300dst_firmwarer8500_firmwarer7000_firmwarewn2500rpwn2500rp_firmwarer7300dstd6220_firmwarer6300_firmwareex6130d8500_firmwareex6000_firmwareex6100r7000p_firmwarer8500ex6130_firmwared8500r6700r8300_firmwarer7000wnr3500l_firmwareex6200_firmwareex6150r6900r7000pwnr3500lr6900_firmwareex3800r7900_firmwareex6100_firmwareex3700_firmwareex6000ex7000_firmwareex6120r6300r6400r6700_firmwareex6120_firmwareex6150_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-11154
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.37%
||
7 Day CHG~0.00%
Published-02 Nov, 2020 | 06:21
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Buffer overflow while processing a crafted PDU data packet in bluetooth due to lack of check of buffer size before copying' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa6155p_firmwaresa515m_firmwaresa415mqcn7605qca6390sa515mqcn7606_firmwaresc8180x_firmwaresa415m_firmwaresdx55apq8053sa8155psa8155p_firmwaresdx55_firmwareqca6390_firmwareapq8009_firmwareqcn7605_firmwareapq8009sa6155papq8053_firmwaresc8180xqcn7606Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found