CVE-2022-34754

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2022-34754
A CWE-269: Improper Privilege Management vulnerability exists that could allow elevated functionality when guessing credentials. Affected Products: Acti9 PowerTag Link C (A9XELC10-A) (V1.7.5 and prior), Acti9 PowerTag Link C (A9XELC10-B) (V2.12.0 and prior)

6.8 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-03_Acti9_PowerTag_Link_C_Security_Notification.pdf Patch Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:schneider-electric:acti9_powertag_link_c_\(a9xelc10-a\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:acti9_powertag_link_c_\(a9xelc10-a\):-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:schneider-electric:acti9_powertag_link_c_\(a9xelc10-b\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:acti9_powertag_link_c_\(a9xelc10-b\):-:*:*:*:*:*:*:*
Information

Published : 2022-07-13 14:15

Updated : 2022-07-22 15:27

NVD link : CVE-2022-34754

Mitre link : CVE-2022-34754

JSON object : View

CWE
CWE-269

Improper Privilege Management

Advertisement

dedicated server usa
Products Affected

schneider-electric

  • acti9_powertag_link_c_\(a9xelc10-a\)_firmware
  • acti9_powertag_link_c_\(a9xelc10-b\)_firmware
  • acti9_powertag_link_c_\(a9xelc10-b\)
  • acti9_powertag_link_c_\(a9xelc10-a\)