CVE-2022-46680 - Vulnerability Details - OpenCVE

A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network traffic.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Schneider-electric	Powerlogic Ion7400 Powerlogic Ion7400 Firmware Powerlogic Ion8650 Powerlogic Ion8650 Firmware Powerlogic Ion8800 Powerlogic Ion8800 Firmware Powerlogic Ion9000 Powerlogic Ion9000 Firmware Powerlogic Pm8000 Powerlogic Pm8000 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:powerlogic_ion9000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:powerlogic_ion9000:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:schneider-electric:powerlogic_ion7400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:powerlogic_ion7400:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:schneider-electric:powerlogic_pm8000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:powerlogic_pm8000:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:schneider-electric:powerlogic_ion8650_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:powerlogic_ion8650:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:schneider-electric:powerlogic_ion8800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:powerlogic_ion8800:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-03.pdf

History

Tue, 21 Jan 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: schneider

Published: 2023-05-22T13:25:40.615Z

Updated: 2025-01-21T15:05:49.099Z

Reserved: 2022-12-06T21:51:38.755Z

Link: CVE-2022-46680

Vulnrichment

Updated: 2024-08-03T14:39:38.551Z

NVD

Status : Modified

Published: 2023-05-22T14:15:09.433

Modified: 2024-11-21T07:30:53.443

Link: CVE-2022-46680

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-46680", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "state": "PUBLISHED", "assignerShortName": "schneider", "dateReserved": "2022-12-06T21:51:38.755Z", "datePublished": "2023-05-22T13:25:40.615Z", "dateUpdated": "2025-01-21T15:05:49.099Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PowerLogic ION9000", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Prior to 4.0.0"}]}, {"defaultStatus": "unaffected", "product": "PowerLogic ION7400", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Prior to 4.0.0"}]}, {"defaultStatus": "unaffected", "product": " PowerLogic PM8000", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "Prior to 4.0.0"}]}, {"defaultStatus": "unaffected", "product": "PowerLogic ION8650", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "All Versions"}]}, {"defaultStatus": "unaffected", "product": "PowerLogic ION8800", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "All Versions"}]}, {"defaultStatus": "unaffected", "product": "Legacy ION products", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "All Versions"}]}], "datePublic": "2023-05-09T13:18:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nA CWE-319: Cleartext transmission of sensitive information vulnerability exists that could\ncause disclosure of sensitive information, denial of service, or modification of data if an attacker\nis able to intercept network traffic. \n\n"}], "value": "\nA CWE-319: Cleartext transmission of sensitive information vulnerability exists that could\ncause disclosure of sensitive information, denial of service, or modification of data if an attacker\nis able to intercept network traffic. \n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2023-05-22T13:25:40.615Z"}, "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-03.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:39:38.551Z"}, "title": "CVE Program Container", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-03.pdf", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-21T15:05:13.390998Z", "id": "CVE-2022-46680", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-21T15:05:49.099Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-03.pdf", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:39:38.551Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-46680", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-21T15:05:13.390998Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-21T15:05:31.148Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Schneider Electric", "product": "PowerLogic ION9000", "versions": [{"status": "affected", "version": "Prior to 4.0.0"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "PowerLogic ION7400", "versions": [{"status": "affected", "version": "Prior to 4.0.0"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": " PowerLogic PM8000", "versions": [{"status": "affected", "version": "Prior to 4.0.0"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "PowerLogic ION8650", "versions": [{"status": "affected", "version": "All Versions"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "PowerLogic ION8800", "versions": [{"status": "affected", "version": "All Versions"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Legacy ION products", "versions": [{"status": "affected", "version": "All Versions"}], "defaultStatus": "unaffected"}], "datePublic": "2023-05-09T13:18:00.000Z", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-03.pdf"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nA CWE-319: Cleartext transmission of sensitive information vulnerability exists that could\ncause disclosure of sensitive information, denial of service, or modification of data if an attacker\nis able to intercept network traffic. \n\n", "supportingMedia": [{"type": "text/html", "value": "\n\nA CWE-319: Cleartext transmission of sensitive information vulnerability exists that could\ncause disclosure of sensitive information, denial of service, or modification of data if an attacker\nis able to intercept network traffic. \n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information"}]}], "providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2023-05-22T13:25:40.615Z"}}}, "cveMetadata": {"cveId": "CVE-2022-46680", "state": "PUBLISHED", "dateUpdated": "2025-01-21T15:05:49.099Z", "dateReserved": "2022-12-06T21:51:38.755Z", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "datePublished": "2023-05-22T13:25:40.615Z", "assignerShortName": "schneider"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:powerlogic_ion9000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "50C920E5-0F21-4DBB-9D0E-424F8C1A9B85", "versionEndExcluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:powerlogic_ion9000:-:*:*:*:*:*:*:*", "matchCriteriaId": "6718EAAA-074D-4807-AC2D-DD0A06D397FB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:powerlogic_ion7400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E43DFCA4-7ED0-4E61-872A-ECD08659A52B", "versionEndExcluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:powerlogic_ion7400:-:*:*:*:*:*:*:*", "matchCriteriaId": "C8F28EAA-FC60-4CE0-BD39-DFD3EB88E195", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:powerlogic_pm8000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A560510-3A07-4EBB-8E2D-E473EE9B59C9", "versionEndExcluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:powerlogic_pm8000:-:*:*:*:*:*:*:*", "matchCriteriaId": "B16A7BEC-1BED-4A61-A6C9-BF7DB13B998C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:powerlogic_ion8650_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7EFB1251-11AE-4A77-AB68-26D6B58C8F33", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:powerlogic_ion8650:-:*:*:*:*:*:*:*", "matchCriteriaId": "FBC3A306-D4F4-4C2A-9D60-DD8F0826AEEC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:powerlogic_ion8800_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1F09F7B-3FFE-4F3A-B79B-3C6B3B718501", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:powerlogic_ion8800:-:*:*:*:*:*:*:*", "matchCriteriaId": "46E8E79E-6DA7-4094-9622-3B91D5913493", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\nA CWE-319: Cleartext transmission of sensitive information vulnerability exists that could\ncause disclosure of sensitive information, denial of service, or modification of data if an attacker\nis able to intercept network traffic. \n\n"}], "id": "CVE-2022-46680", "lastModified": "2024-11-21T07:30:53.443", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cybersecurity@se.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-22T14:15:09.433", "references": [{"source": "cybersecurity@se.com", "tags": ["Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-03.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-03.pdf"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "cybersecurity@se.com", "type": "Secondary"}]}