12 matches found
EUVD-2022-27950
Malicious code in bioql PyPI...
EUVD-2022-27951
Malicious code in bioql PyPI...
CVE-2022-22808
A CWE-352: Cross-Site Request Forgery CSRF exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert...
CVE-2022-22808
A CWE-352: Cross-Site Request Forgery CSRF exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert...
CVE-2022-22808
A CWE-352: Cross-Site Request Forgery CSRF exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert...
CVE-2022-22807
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert former...
Design/Logic Flaw
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert former...
Cross site request forgery (csrf)
A CWE-352: Cross-Site Request Forgery CSRF exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert...
CVE-2022-22808
A CWE-352: Cross-Site Request Forgery CSRF exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert...
CVE-2022-22807
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert former...
CVE-2022-22808
Schneider Electric EcoStruxure EV Charging Expert (formerly EVlink Load Management System) is affected by a CSRF vulnerability (CVE-2022-22808) in versions prior to V4.0.0.13. The issue enables a remote attacker to gain unauthorized access by bypassing same-origin policy protections through cross...
CVE-2022-22807
The CVE-2022-22807 entry applies to EcoStruxure EV Charging Expert (pre-SP8 V4.0.0.13). Root cause: CWE-1021 Improper Restriction of Rendered UI Layers or Frames, enabling an attacker to influence the product by deceiving users to interact with an iframe-rendered web interface. Impact: potential ...