// For flags

CVE-2022-41669

 

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

Existe una vulnerabilidad CWE-347: Verificación Inadecuada de Firma Criptográfica en el componente SGIUtility que permite a adversarios con privilegios de usuario local cargar una DLL maliciosa que podría resultar en la ejecución de código malicioso. Productos afectados: EcoStruxure Operator Terminal Expert (V3.3 Hotfix 1 o anterior), Pro-face BLUE (V3.3 Hotfix 1 o anterior).

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-09-27 CVE Reserved
  • 2022-11-04 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-347: Improper Verification of Cryptographic Signature
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Schneider-electric
Search vendor "Schneider-electric"
Ecostruxure Operator Terminal Expert
Search vendor "Schneider-electric" for product "Ecostruxure Operator Terminal Expert"
< 3.3
Search vendor "Schneider-electric" for product "Ecostruxure Operator Terminal Expert" and version " < 3.3"
-
Affected
Schneider-electric
Search vendor "Schneider-electric"
Ecostruxure Operator Terminal Expert
Search vendor "Schneider-electric" for product "Ecostruxure Operator Terminal Expert"
3.3
Search vendor "Schneider-electric" for product "Ecostruxure Operator Terminal Expert" and version "3.3"
-
Affected
Schneider-electric
Search vendor "Schneider-electric"
Ecostruxure Operator Terminal Expert
Search vendor "Schneider-electric" for product "Ecostruxure Operator Terminal Expert"
3.3
Search vendor "Schneider-electric" for product "Ecostruxure Operator Terminal Expert" and version "3.3"
hotfix1
Affected
Schneider-electric
Search vendor "Schneider-electric"
Pro-face Blue
Search vendor "Schneider-electric" for product "Pro-face Blue"
< 3.3
Search vendor "Schneider-electric" for product "Pro-face Blue" and version " < 3.3"
-
Affected
Schneider-electric
Search vendor "Schneider-electric"
Pro-face Blue
Search vendor "Schneider-electric" for product "Pro-face Blue"
3.3
Search vendor "Schneider-electric" for product "Pro-face Blue" and version "3.3"
-
Affected
Schneider-electric
Search vendor "Schneider-electric"
Pro-face Blue
Search vendor "Schneider-electric" for product "Pro-face Blue"
3.3
Search vendor "Schneider-electric" for product "Pro-face Blue" and version "3.3"
hotfix1
Affected