Rewterz Threat Advisory – CVE-2022-20002 – Google Android Vulnerability
December 3, 2021Rewterz Threat Advisory – ICS: Johnson Controls Entrapass Vulnerability
December 3, 2021Rewterz Threat Advisory – CVE-2022-20002 – Google Android Vulnerability
December 3, 2021Rewterz Threat Advisory – ICS: Johnson Controls Entrapass Vulnerability
December 3, 2021Severity
High
Analysis Summary
CVE-2021-22799
An insufficient entropy vulnerability exists, which could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry.
Impact
- Information Disclosure
Affected Vendors
- Schneider Electric
Affected Products
- Schneider Electric Software Update: v2.3.0 through v2.5.1
Remediation
Refer to CISA Advisory for the patch, upgrade, or suggested workaround information.