5.9
CVE-2022-24320
- EPSS 0.54%
- Veröffentlicht 09.02.2022 23:15:20
- Zuletzt bearbeitet 21.11.2024 06:50:09
- Quelle cybersecurity@se.com
- CVE-Watchlists
- Unerledigt
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA database server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.54% | 0.416 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0019/MNDT-2022-0019.md