Lucene search

SchneiderCVELIST:CVE-2022-4062

HistoryFeb 01, 2023 - 12:00 a.m.

CVE-2022-4062

2023-02-0100:00:00

CWE-285

schneider

www.cve.org

cwe-285

unauthorized access

ecostruxure power commission

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

17.9%

JSON

A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission (Versions prior to V2.25)

CNA Affected

[
  {
    "vendor": "Schneider Electric",
    "product": "EcoStruxure Power Commission",
    "versions": [
      {
        "version": "All",
        "status": "affected",
        "lessThan": "V2.25",
        "versionType": "custom"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-347-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-347-03_EcoStruxure_Power_Commission_Security_Notification.pdf

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

17.9%

JSON

Related for CVELIST:CVE-2022-4062