154 matches found
CVE-2022-30233
A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...
CVE-2022-30235
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...
CVE-2022-30235
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...
CVE-2022-30237
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...
Authentication flaw
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...
Authentication flaw
A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...
Hardcoded credentials
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...
Authentication flaw
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...
Input validation
A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...
Input validation
A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network. Affected Products: Wiser Smart, EER21000 & EER21001...
CVE-2022-30238
A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...
CVE-2022-30238
Schneider Electric Wiser Smart (EER21000/EER21001, v4.5 and prior) is affected by CVE-2022-30238, a CWE-287 Improper Authentication vulnerability. The issue allows an attacker to hijack a user session and take over an admin account. Public documentation across sources confirms the affected produc...
CVE-2022-30237
The CVE-2022-30237 vulnerability concerns Schneider Electric Wiser Smart and related EER21000/EER21001 versions (V4.5 and prior) with a CWE-311 Missing Encryption of Sensitive Data issue. The root cause is lack of encryption allowing authentication credentials to be recovered if an attacker break...
CVE-2022-30236
A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...
CVE-2022-30236
CVE-2022-30236 affects Schneider Electric Wiser Smart devices (EER21000/EER21001, V4.5 and prior). The vulnerability is CWE-669: Incorrect Resource Transfer Between Spheres, enabling unauthorized access via cross-domain attacks. Affected components are within the Wiser Smart platform; the NVD and...
CVE-2022-30235
CVE-2022-30235 applies to Schneider Electric Wiser Smart and related EER21000/EER21001 devices (V4.5 and earlier). The vulnerability is CWE-307: Improper Restriction of Excessive Authentication Attempts, enabling brute‑force-style unauthorized access. The evidence indicates a network-based risk w...
CVE-2022-30235
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...
CVE-2022-30234
CVE-2022-30234 affects Schneider Electric Wiser Smart devices (EER21000/EER21001, v4.5 and prior). Root cause: CWE-798—Use of Hard-coded Credentials. Impact per the entry: potential arbitrary code execution when root access is obtained, i.e., full compromise of affected OT asset. CVSSv3.1 base sc...
CVE-2022-30233
A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...
CVE-2022-30233
CVE-2022-30233 involves a CWE-20 (Imporper Input Validation) flaw affecting Schneider Electric Wiser Smart and EER21000/EER21001 (V4.5 and prior). The root cause is improper input validation that could allow manipulation when a user is tricked into certain webpage actions. Public details in conne...