CVE-2022-32514 - Vulnerability Details

A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to gain control of the device when logging into a web page. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0)

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Schneider-electric	5500ac2 5500ac2 Firmware 5500nac 5500nac2 5500nac2 Firmware 5500nac Firmware 5500shac 5500shac Firmware Lss5500nac Lss5500nac Firmware Lss5500shac Lss5500shac Firmware

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:5500ac2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:5500ac2:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:schneider-electric:5500nac_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:5500nac:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:schneider-electric:5500nac2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:5500nac2:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:schneider-electric:5500shac_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:5500shac:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:schneider-electric:lss5500nac_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:lss5500nac:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:schneider-electric:lss5500shac_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:lss5500shac:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-06_C-Bus_Home_Automation_Products_Security_Notification.pdf

History

Wed, 05 Feb 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: schneider

Published: 2023-01-30T00:00:00.000Z

Updated: 2025-02-05T20:18:27.254Z

Reserved: 2022-06-07T00:00:00.000Z

Link: CVE-2022-32514

Vulnrichment

Updated: 2024-08-03T07:46:43.528Z

NVD

Status : Modified

Published: 2023-01-30T23:15:10.007

Modified: 2024-11-21T07:06:32.053

Link: CVE-2022-32514

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object