How severe is CVE-2022-22807?

CVE-2022-22807 has a CVSS v3 score of 7.4 (HIGH).

CVE-2022-22807

7.4HIGH

A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use t

Veröffentlicht: 2/9/2022Aktualisiert: 11/21/2024

Beschreibung

A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)

KI-AnalyseKI-gestützt

Betroffene Produkte

schneider-electrichmibscea53d1edb_firmware

schneider-electrichmibscea53d1edb

schneider-electrichmibscea53d1eds_firmware

schneider-electrichmibscea53d1eds

schneider-electrichmibscea53d1edm_firmware

schneider-electrichmibscea53d1edm

schneider-electrichmibscea53d1edl_firmware

schneider-electrichmibscea53d1edl

schneider-electrichmibscea53d1ess_firmware

schneider-electrichmibscea53d1ess

schneider-electrichmibscea53d1esm_firmware

schneider-electrichmibscea53d1esm

schneider-electrichmibscea53d1eml_firmware

schneider-electrichmibscea53d1eml

Referenzen

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-02
Vendor Advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-02
Vendor Advisory