Easergy P5

Plan PatchCVSS 8.8SEVD-2022-011-03Jan 11, 2022

Schneider ElectricEnergy

Attack path

Attack VectorAdjacent

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric has identified multiple vulnerabilities in the Easergy P5 medium voltage protection relay. These vulnerabilities stem from hardcoded credentials (CWE-798) and buffer overflow issues (CWE-120) that allow attackers with network access to disclose device credentials, cause denial of service and device reboot, or gain full control of the relay. Successful exploitation could result in loss of electrical protection to the grid. The vulnerabilities affect all Easergy P5 firmware versions prior to 01.401.101.

What this means

What could happen

An attacker with network access to an Easergy P5 relay could steal device credentials, cause it to reboot or stop responding, or gain complete control and disable electrical protection for your medium voltage network.

Who's at risk

Utilities and energy providers managing medium voltage electrical distribution networks. This affects Easergy P5 protection relays that provide fault detection and isolation for distribution lines. Any compromise could disable critical protections and cause unplanned outages or equipment damage.

How it could be exploited

An attacker on the same network segment as the Easergy P5 could exploit hardcoded or weak credentials (CWE-798) or a buffer overflow (CWE-120) to execute arbitrary commands on the relay. No authentication is required and the attack does not involve user interaction, allowing an attacker to compromise the device remotely from the network.

Prerequisites

Network access to the Easergy P5 device on the same network segment or adjacent subnet (AV:A per CVSS vector)
No credentials or authentication required
No special configuration needed

remotely exploitableno authentication requiredlow complexity attack (AV:A, AC:L)hardcoded or weak credentials (CWE-798)buffer overflow (CWE-120)affects safety/protection systems

Exploitability

Unlikely to be exploited — EPSS score 0.2%

Affected products (1)

ProductAffected VersionsFix Status

Easergy P5 < 01.401.101< 01.401.10101.401.101

Remediation & Mitigation

0/2

Do now

0/1

HARDENINGIsolate Easergy P5 relays from direct network access using network segmentation or a firewall that restricts access to only authorized engineering and monitoring systems

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Easergy P5 firmware to version 01.401.101 or 01.303.202 (depending on your current firmware version; contact Schneider Electric Customer Care Center for version selection guidance)

CVEs (2)

CVE-2022-22722 CVE-2022-22723

View full Schneider Electric advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/e98943a0-9749-4b23-92d8-168fdbbd5031

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.