If an attacker were to obtain the SSH cryptographic key for the device and take active control of the local operational network connected to this product, they could observe and manipulate traffic associated with product configuration. This could result in information disclosure.
A buffer copy without checking size of input vulnerability exists in Easergy P5 devices that could lead to a buffer overflow, causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functions and tripping functions via GOOSE can be impacted.
Refer to CISA Advisory for the patch, upgrade, or suggested workaround information.