Schneider Electric EcoStruxure EV Charging Expert unauthorized access | CVE-2022-22808
NAME
Schneider Electric EcoStruxure EV Charging Expert unauthorized access
- Platforms Affected:
Schneider Electric EcoStruxure EV Charging Expert HMIBSCEA53D1EDB
Schneider Electric EcoStruxure EV Charging Expert HMIBSCEA53D1EDS
Schneider Electric EcoStruxure EV Charging Expert HMIBSCEA53D1EDM
Schneider Electric EcoStruxure EV Charging Expert HMIBSCEA53D1EDL
Schneider Electric EcoStruxure EV Charging Expert HMIBSCEA53D1ESS
Schneider Electric EcoStruxure EV Charging Expert HMIBSCEA53D1ESM
Schneider Electric EcoStruxure EV Charging Expert HMIBSCEA53D1EML
- Risk Level:
8.2
- Exploitability:
Unproven
- Consequences:
Gain Access
DESCRIPTION
Schneider Electric EcoStruxure EV Charging Expert could allow a remote attacker to gain unauthorized access to the system, caused by a permissive cross-domain policy with untrusted domains. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to gain unauthorized access to restricted resources.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: Low
- Availability Impact: None
- Remediation Level: Official Fix
MITIGATION
Refer to Schneider Electric SEVD-2022-039-02 for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-02
- Reference Link:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22808