Lucene search

SchneiderCVELIST:CVE-2022-32517

HistoryJan 30, 2023 - 12:00 a.m.

CVE-2022-32517

2023-01-3000:00:00

CWE-1021

schneider

www.cve.org

cwe-1021

vulnerability

ui layers

frames

conext combox

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

28.2%

JSON

A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. Affected Products: Conext™ ComBox (All Versions)

CNA Affected

[
  {
    "vendor": "Schneider Electric",
    "product": "Conext™ ComBox",
    "versions": [
      {
        "version": "All Versions",
        "status": "affected"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-03_ConextCombox_Security_Notification.pdf

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

28.2%

JSON

Related for CVELIST:CVE-2022-32517