Lucene search

SchneiderCVELIST:CVE-2022-30232

HistoryJun 02, 2022 - 10:45 p.m.

CVE-2022-30232

2022-06-0222:45:16

CWE-20

schneider

www.cve.org

improper input validation

remote code execution

wiser smart

eer21000

eer21001

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.003

Percentile

71.3%

JSON

A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)

CNA Affected

[
  {
    "product": "Power Logic ION Setup",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "lessThan": "3.2.22096.01",
        "status": "affected",
        "version": "All",
        "versionType": "custom"
      }
    ]
  }
]

References

www.se.com/ww/en/download/document/SEVD-2022-130-01/

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.003

Percentile

71.3%

JSON

Related for CVELIST:CVE-2022-30232