CVE-2022-32513 - Vulnerability Details

A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0)

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Schneider-electric	5500ac2 5500ac2 Firmware 5500nac 5500nac2 5500nac2 Firmware 5500nac Firmware 5500shac 5500shac Firmware Lss5500nac Lss5500nac Firmware Lss5500shac Lss5500shac Firmware

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:5500ac2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:5500ac2:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:schneider-electric:5500nac_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:5500nac:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:schneider-electric:5500nac2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:5500nac2:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:schneider-electric:5500shac_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:5500shac:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:schneider-electric:lss5500nac_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:lss5500nac:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:schneider-electric:lss5500shac_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:lss5500shac:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-06_C-Bus_Home_Automation_Products_Security_Notification.pdf

History

Wed, 05 Feb 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: schneider

Published: 2023-01-30T00:00:00.000Z

Updated: 2025-02-05T20:18:33.992Z

Reserved: 2022-06-07T00:00:00.000Z

Link: CVE-2022-32513

Vulnrichment

Updated: 2024-08-03T07:46:43.427Z

NVD

Status : Modified

Published: 2023-01-30T23:15:09.927

Modified: 2024-11-21T07:06:31.907

Link: CVE-2022-32513

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object