CVE-2022-22813
📋 TL;DR
CVE-2022-22813 is a critical vulnerability in Schneider Electric products where hard-coded TLS cryptographic keys allow attackers to decrypt and manipulate configuration traffic. Organizations using affected Schneider Electric devices with Courier tunneling communication are vulnerable to complete compromise of device configuration and control.
💻 Affected Systems
- Schneider Electric products using Courier tunneling communication
📦 What is this software?
Easergy P141 Firmware by Schneider Electric
Easergy P142 Firmware by Schneider Electric
Easergy P143 Firmware by Schneider Electric
Easergy P145 Firmware by Schneider Electric
Easergy P241 Firmware by Schneider Electric
Easergy P242 Firmware by Schneider Electric
Easergy P243 Firmware by Schneider Electric
Easergy P341 Firmware by Schneider Electric
Easergy P342 Firmware by Schneider Electric
Easergy P343 Firmware by Schneider Electric
Easergy P344 Firmware by Schneider Electric
Easergy P345 Firmware by Schneider Electric
Easergy P441 Firmware by Schneider Electric
Easergy P442 Firmware by Schneider Electric
Easergy P443 Firmware by Schneider Electric
Easergy P444 Firmware by Schneider Electric
Easergy P445 Firmware by Schneider Electric
Easergy P446 Firmware by Schneider Electric
Easergy P541 Firmware by Schneider Electric
Easergy P542 Firmware by Schneider Electric
Easergy P543 Firmware by Schneider Electric
Easergy P544 Firmware by Schneider Electric
Easergy P545 Firmware by Schneider Electric
Easergy P546 Firmware by Schneider Electric
Easergy P642 Firmware by Schneider Electric
Easergy P643 Firmware by Schneider Electric
Easergy P645 Firmware by Schneider Electric
Easergy P741 Firmware by Schneider Electric
Easergy P742 Firmware by Schneider Electric
Easergy P743 Firmware by Schneider Electric
Easergy P746 Firmware by Schneider Electric
Easergy P841 Firmware by Schneider Electric
Easergy P849 Firmware by Schneider Electric
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of industrial control systems allowing attackers to manipulate device configurations, disrupt operations, and potentially cause physical damage or safety incidents.
Likely Case
Attackers intercept and manipulate configuration data, leading to unauthorized changes in industrial processes, data theft, and operational disruption.
If Mitigated
With proper network segmentation and monitoring, impact is limited to isolated network segments, and anomalous traffic patterns can be detected.
🎯 Exploit Status
Exploitation requires obtaining the hard-coded TLS key and network access to the tunneling communication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to SEVD-2022-039-03 for specific product versions
Vendor Advisory: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-03
Restart Required: Yes
Instructions:
1. Review the SEVD-2022-039-03 advisory
2. Identify affected products
3. Apply vendor-provided firmware updates
4. Restart affected devices
5. Verify patch application
🔧 Temporary Workarounds
Network Segmentation
Isolate affected devices in separate network segments with strict access controls
Traffic Monitoring
Implement network monitoring for anomalous Courier tunneling traffic patterns
🧯 If You Can't Patch
- Implement strict network segmentation and firewall rules to limit access to Courier tunneling ports
- Deploy network intrusion detection systems to monitor Courier tunneling ports for unexpected peers and altered configuration traffic (passive decryption with a known key leaves no trace on the wire, so detection has to focus on who is talking and what changes)
🔍 How to Verify
Check if Vulnerable:
Check device firmware version against patched versions in SEVD-2022-039-03 advisory
Check Version:
Device-specific commands vary by product; refer to the product documentation
Verify Fix Applied:
Verify firmware version matches or exceeds patched versions specified in vendor advisory
📡 Detection & Monitoring
Log Indicators:
- Unauthorized configuration changes
- Failed authentication attempts on tunneling ports
- Unexpected device reboots
Network Indicators:
- Unusual traffic patterns on Courier tunneling ports
- Configuration traffic on Courier tunneling ports from source addresses that are not known engineering workstations
SIEM Query (pseudo-query; COURIER_PORT, ALLOWED_ENGINEERING_HOSTS and threshold are placeholders to map onto your own field schema):
dest_port:COURIER_PORT AND (NOT src_ip:ALLOWED_ENGINEERING_HOSTS OR config_changes > threshold)
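One fleet-level check for the shared key material behind this class of issue is to compare the TLS certificate each device presents: firmware with a hard-coded key makes every device present the same certificate, so identical fingerprints across many devices are a red flag. The script below is an added example, not code from this page or from Schneider Electric; the host names and fingerprints are constructed, and the port a live survey would use is an assumption you must supply (the advisory page does not give it).

```python
import hashlib
import socket
import ssl
from collections import defaultdict

def fetch_cert_fingerprint(host: str, port: int, timeout: float = 5.0) -> str:
    """SHA-256 hex fingerprint of the DER certificate a TLS endpoint presents.
    Verification is off on purpose: device certs are usually self-signed and we
    only want the raw bytes, not a trust decision."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return hashlib.sha256(der).hexdigest()

def find_shared_certificates(fingerprints: dict) -> dict:
    """Group hosts by fingerprint and keep only fingerprints presented by 2+ hosts;
    one certificate shared by many devices is consistent with a key baked into firmware."""
    by_fp = defaultdict(list)
    for host, fp in fingerprints.items():
        by_fp[fp.lower().replace(":", "")].append(host)   # normalise openssl-style output
    return {fp: sorted(hosts) for fp, hosts in by_fp.items() if len(hosts) > 1}

def survey(hosts, port):
    """Fetch a fingerprint for every reachable host; unreachable hosts are skipped."""
    results = {}
    for host in hosts:
        try:
            results[host] = fetch_cert_fingerprint(host, port)
        except (OSError, ssl.SSLError) as exc:
            print(f"{host}: skipped ({exc})")
    return results

# Constructed sample (hypothetical hosts and fingerprints, not real devices):
# three relays present the same certificate, a fourth presents its own.
SAMPLE_FINGERPRINTS = {
    "relay-01.ot.example": "AA" * 32,
    "relay-02.ot.example": "aa" * 32,
    "relay-03.ot.example": "aa" * 32,
    "relay-04.ot.example": "bb" * 32,
}

if __name__ == "__main__":
    # Live use: find_shared_certificates(survey(hosts, COURIER_TLS_PORT)); the port is your assumption.
    for fp, hosts in find_shared_certificates(SAMPLE_FINGERPRINTS).items():
        print(f"certificate {fp[:16]}... shared by {len(hosts)} hosts: {', '.join(hosts)}")
```

A single shared fingerprint is not proof of this CVE on its own, but it is exactly the condition that makes a hard-coded key exploitable fleet-wide, so treat such a cluster as a prioritised patching list.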