CVE-2022-46680 - OpenCVE

A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network traffic.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Schneider-electric	Powerlogic Ion7400 Powerlogic Ion7400 Firmware Powerlogic Ion8650 Powerlogic Ion8650 Firmware Powerlogic Ion8800 Powerlogic Ion8800 Firmware Powerlogic Ion9000 Powerlogic Ion9000 Firmware Powerlogic Pm8000 Powerlogic Pm8000 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:schneider-electric:powerlogic_ion9000:-:*:*:*:*:*:*:*

cpe:2.3:o:schneider-electric:powerlogic_ion9000_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:schneider-electric:powerlogic_ion7400:-:*:*:*:*:*:*:*

cpe:2.3:o:schneider-electric:powerlogic_ion7400_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:schneider-electric:powerlogic_pm8000:-:*:*:*:*:*:*:*

cpe:2.3:o:schneider-electric:powerlogic_pm8000_firmware:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:schneider-electric:powerlogic_ion8650:-:*:*:*:*:*:*:*

cpe:2.3:o:schneider-electric:powerlogic_ion8650_firmware:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:schneider-electric:powerlogic_ion8800:-:*:*:*:*:*:*:*

cpe:2.3:o:schneider-electric:powerlogic_ion8800_firmware:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-03.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: schneider

Published: 2023-05-22T13:25:40.615Z

Updated: 2024-08-03T14:39:38.551Z

Reserved: 2022-12-06T21:51:38.755Z

Link: CVE-2022-46680

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-05-22T14:15:09.433

Modified: 2023-05-27T00:54:48.257

Link: CVE-2022-46680

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-46680", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "state": "PUBLISHED", "assignerShortName": "schneider", "dateReserved": "2022-12-06T21:51:38.755Z", "datePublished": "2023-05-22T13:25:40.615Z", "dateUpdated": "2024-08-03T14:39:38.551Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PowerLogic ION9000", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Prior to 4.0.0"}]}, {"defaultStatus": "unaffected", "product": "PowerLogic ION7400", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Prior to 4.0.0"}]}, {"defaultStatus": "unaffected", "product": " PowerLogic PM8000", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Prior to 4.0.0"}]}, {"defaultStatus": "unaffected", "product": "PowerLogic ION8650", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "All Versions"}]}, {"defaultStatus": "unaffected", "product": "PowerLogic ION8800", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "All Versions"}]}, {"defaultStatus": "unaffected", "product": "Legacy ION products", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "All Versions"}]}], "datePublic": "2023-05-09T13:18:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nA CWE-319: Cleartext transmission of sensitive information vulnerability exists that could\ncause disclosure of sensitive information, denial of service, or modification of data if an attacker\nis able to intercept network traffic. \n\n"}], "value": "\nA CWE-319: Cleartext transmission of sensitive information vulnerability exists that could\ncause disclosure of sensitive information, denial of service, or modification of data if an attacker\nis able to intercept network traffic. \n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2023-05-22T13:25:40.615Z"}, "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-03.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:39:38.551Z"}, "title": "CVE Program Container", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-03.pdf", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:powerlogic_ion9000:-:*:*:*:*:*:*:*", "matchCriteriaId": "6718EAAA-074D-4807-AC2D-DD0A06D397FB", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:powerlogic_ion9000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "50C920E5-0F21-4DBB-9D0E-424F8C1A9B85", "versionEndExcluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:powerlogic_ion7400:-:*:*:*:*:*:*:*", "matchCriteriaId": "C8F28EAA-FC60-4CE0-BD39-DFD3EB88E195", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:powerlogic_ion7400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E43DFCA4-7ED0-4E61-872A-ECD08659A52B", "versionEndExcluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:powerlogic_pm8000:-:*:*:*:*:*:*:*", "matchCriteriaId": "B16A7BEC-1BED-4A61-A6C9-BF7DB13B998C", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:powerlogic_pm8000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A560510-3A07-4EBB-8E2D-E473EE9B59C9", "versionEndExcluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:powerlogic_ion8650:-:*:*:*:*:*:*:*", "matchCriteriaId": "FBC3A306-D4F4-4C2A-9D60-DD8F0826AEEC", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:powerlogic_ion8650_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7EFB1251-11AE-4A77-AB68-26D6B58C8F33", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:powerlogic_ion8800:-:*:*:*:*:*:*:*", "matchCriteriaId": "46E8E79E-6DA7-4094-9622-3B91D5913493", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:powerlogic_ion8800_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1F09F7B-3FFE-4F3A-B79B-3C6B3B718501", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nA CWE-319: Cleartext transmission of sensitive information vulnerability exists that could\ncause disclosure of sensitive information, denial of service, or modification of data if an attacker\nis able to intercept network traffic. \n\n"}], "id": "CVE-2022-46680", "lastModified": "2023-05-27T00:54:48.257", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cybersecurity@se.com", "type": "Secondary"}]}, "published": "2023-05-22T14:15:09.433", "references": [{"source": "cybersecurity@se.com", "tags": ["Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-03.pdf"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "cybersecurity@se.com", "type": "Primary"}]}