Vulnerabilities > CVE-2022-32747 - Unspecified vulnerability in Schneider-Electric Ecostruxure Cybersecurity Admin Expert 2.2

047910
CVSS 8.1 - HIGH
Attack vector
ADJACENT_NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
HIGH
low complexity
schneider-electric

Summary

A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)