CVE-2022-32513

Published Jan 30, 2023

Last updated 2 years ago

CVSS critical 9.8

Overview

Description: A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0)
Source: cybersecurity@se.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

cybersecurity@se.com: CWE-521

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:5500ac2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1E9DDB3B-9342-4729-9EE7-703426B9670C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:5500ac2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7628A67-6DD8-47B7-9112-C130AF0DA9BD",
            "versionEndExcluding": "1.11.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:5500nac:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CDCFD29E-C66E-41F4-B578-095C08799994"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:5500nac_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD075DCC-90DA-45A1-ADC9-ADD7D984B2F9",
            "versionEndExcluding": "1.11.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:5500nac2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BF623989-1FC8-44D5-9B4B-42CDCF31B824"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:5500nac2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7B729EF-ECCC-41E1-BF89-E2EAB013144F",
            "versionEndExcluding": "1.11.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:5500shac:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "91E6F8C8-BC42-4EA0-B36F-96CCE73B080F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:5500shac_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D414788B-B8B5-41A0-8946-433D7A308F4D",
            "versionEndExcluding": "1.11.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:lss5500nac:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0844B578-39C4-413F-9CE9-5DA12A02CE8A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:lss5500nac_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1F807FA-B4A7-4917-80D9-1D9D3AA96516",
            "versionEndExcluding": "1.11.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:lss5500shac:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0B48CA89-FC26-45D4-91C3-F2BD74DC3FBC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:lss5500shac_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B231797-8810-4C77-BD0B-0C8A6FBD8C2B",
            "versionEndExcluding": "1.11.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References