CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2022-32514
https://notcve.org/view.php?id=CVE-2022-32514
A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to gain control of the device when logging into a web page. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0) Existe una vulnerabilidad CWE-287: autenticación incorrecta que podría permitir a un atacante obtener control del dispositivo al iniciar sesión en una página web. Productos afectados: Controlador de automatización de red C-Bus - LSS5500NAC (versiones anteriores a V1.10.0), Wiser para controlador de automatización de red C-Bus - LSS5500SHAC (versiones anteriores a V1.10.0), Controlador de automatización de red Clipsal C-Bus - 5500NAC (versiones anteriores a V1.10.0), Clipsal Wiser para controlador de automatización C-Bus - 5500SHAC (versiones anteriores a V1.10.0), controlador de automatización de red SpaceLogic C-Bus - 5500NAC2 (versiones anteriores a V1.10.0), controlador de aplicaciones SpaceLogic C-Bus - 5500AC2 (Versiones anteriores a V1.10.0) • https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-06_C-Bus_Home_Automation_Products_Security_Notification.pdf • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32521
https://notcve.org/view.php?id=CVE-2022-32521
A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. Affected Products: Data Center Expert (Versions prior to V7.9.0) • https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-04_+Data_Center_Expert_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-04 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32527
https://notcve.org/view.php?id=CVE-2022-32527
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm cache data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) Existe una vulnerabilidad CWE-120: copia del búfer sin comprobar el tamaño de la entrada que podría causar un desbordamiento de búfer en la región stack de la memoria, lo que podría conducir a la ejecución remota de código cuando un atacante envía mensajes de datos de caché de alarma especialmente manipulados. Productos afectados: IGSS Data Server - IGSSdataServer.exe (Versiones anteriores a V15.0.0.22170) • https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-0223
https://notcve.org/view.php?id=CVE-2022-0223
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22) • https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-05_EcoStruxure_Power_Commission_Security_Notification.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2022-32513
https://notcve.org/view.php?id=CVE-2022-32513
A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0) • https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-06_C-Bus_Home_Automation_Products_Security_Notification.pdf • CWE-521: Weak Password Requirements •