OTPulse

Easergy P5

Plan Patch | CVSS 8.8 | SEVD-2022-193-04 | Jul 12, 2022
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Easergy P5 medium voltage protection relays contain multiple vulnerabilities (buffer overflow, weak cryptography, and improper input validation) that could allow an attacker with network access to gain full control of the relay without authentication. Successful exploitation could result in device reboot, credential disclosure, denial of service, or complete loss of electrical network protection functions. These vulnerabilities affect Easergy P5 firmware versions V01.401.102 and earlier.

What this means
What could happen
An attacker could gain full control of the Easergy P5 relay, potentially disabling electrical protection or causing denial of service to the device. This could result in loss of protection for your medium voltage electrical distribution network.
Who's at risk
Electrical utilities and industrial facilities operating Schneider Electric Easergy P5 medium voltage protection relays should prioritize patching this vulnerability. These devices protect electrical networks, and compromise could disable critical protection functions across distribution systems.
How it could be exploited
An attacker with network access to the Easergy P5 could exploit buffer overflow (CWE-120), weak cryptography (CWE-327), or improper input validation (CWE-20) vulnerabilities to execute arbitrary code on the relay, gaining administrative control of the device.
Prerequisites
  • Network access to the Easergy P5 relay
  • No authentication required
remotely exploitable | no authentication required | low complexity | affects safety/protection systems
Exploitability
Moderate exploit probability (EPSS 1.9%)
Affected products (1)
Product | Affected Versions | Fix Status
Easergy P5 | ≤ V01.401.102 | V01.402.101
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade Easergy P5 firmware to version V01.402.101 or later
Easergy P5 | CVSS 8.8 - OTPulse