Lucene search
K

154 matches found

NVD
NVD
added 2022/06/02 11:15 p.m.21 views

CVE-2022-30233

A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...

6.5CVSS0.00672EPSS
Exploits0References1
OSV
OSV
added 2022/06/02 11:15 p.m.6 views

CVE-2022-30235

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...

9.8CVSS5.8AI score0.00928EPSS
Exploits0References1
NVD
NVD
added 2022/06/02 11:15 p.m.21 views

CVE-2022-30235

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...

9.8CVSS0.00928EPSS
Exploits0References1
NVD
NVD
added 2022/06/02 11:15 p.m.22 views

CVE-2022-30237

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...

8.2CVSS0.00294EPSS
Exploits0References1
Prion
Prion
added 2022/06/02 11:15 p.m.20 views

Authentication flaw

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...

5CVSS9.3AI score0.00928EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2022/06/02 11:15 p.m.13 views

Authentication flaw

A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...

7.5CVSS8.5AI score0.00916EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2022/06/02 11:15 p.m.13 views

Hardcoded credentials

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...

10CVSS9.5AI score0.01063EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2022/06/02 11:15 p.m.19 views

Authentication flaw

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...

5CVSS7.6AI score0.00294EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2022/06/02 11:15 p.m.15 views

Input validation

A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...

4.3CVSS6.3AI score0.00672EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2022/06/02 11:15 p.m.11 views

Input validation

A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network. Affected Products: Wiser Smart, EER21000 & EER21001...

6.5CVSS8.8AI score0.01142EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/06/02 10:45 p.m.23 views

CVE-2022-30238

A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...

8.3CVSS8.8AI score0.00916EPSS
Exploits0References1
CVE
CVE
added 2022/06/02 10:45 p.m.74 views

CVE-2022-30238

Schneider Electric Wiser Smart (EER21000/EER21001, v4.5 and prior) is affected by CVE-2022-30238, a CWE-287 Improper Authentication vulnerability. The issue allows an attacker to hijack a user session and take over an admin account. Public documentation across sources confirms the affected produc...

8.8CVSS8.5AI score0.00916EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/06/02 10:45 p.m.71 views

CVE-2022-30237

The CVE-2022-30237 vulnerability concerns Schneider Electric Wiser Smart and related EER21000/EER21001 versions (V4.5 and prior) with a CWE-311 Missing Encryption of Sensitive Data issue. The root cause is lack of encryption allowing authentication credentials to be recovered if an attacker break...

8.2CVSS7.6AI score0.00294EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/06/02 10:45 p.m.37 views

CVE-2022-30236

A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...

8.2CVSS8.4AI score0.00731EPSS
Exploits0References1
CVE
CVE
added 2022/06/02 10:45 p.m.73 views

CVE-2022-30236

CVE-2022-30236 affects Schneider Electric Wiser Smart devices (EER21000/EER21001, V4.5 and prior). The vulnerability is CWE-669: Incorrect Resource Transfer Between Spheres, enabling unauthorized access via cross-domain attacks. Affected components are within the Wiser Smart platform; the NVD and...

8.2CVSS8.1AI score0.00731EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/06/02 10:45 p.m.71 views

CVE-2022-30235

CVE-2022-30235 applies to Schneider Electric Wiser Smart and related EER21000/EER21001 devices (V4.5 and earlier). The vulnerability is CWE-307: Improper Restriction of Excessive Authentication Attempts, enabling brute‑force-style unauthorized access. The evidence indicates a network-based risk w...

9.8CVSS9.3AI score0.00928EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/06/02 10:45 p.m.23 views

CVE-2022-30235

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...

8.6CVSS9.6AI score0.00928EPSS
Exploits0References1
CVE
CVE
added 2022/06/02 10:45 p.m.76 views

CVE-2022-30234

CVE-2022-30234 affects Schneider Electric Wiser Smart devices (EER21000/EER21001, v4.5 and prior). Root cause: CWE-798—Use of Hard-coded Credentials. Impact per the entry: potential arbitrary code execution when root access is obtained, i.e., full compromise of affected OT asset. CVSSv3.1 base sc...

10CVSS9.5AI score0.01063EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/06/02 10:45 p.m.24 views

CVE-2022-30233

A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...

6.5CVSS6.6AI score0.00672EPSS
Exploits0References1
CVE
CVE
added 2022/06/02 10:45 p.m.83 views

CVE-2022-30233

CVE-2022-30233 involves a CWE-20 (Imporper Input Validation) flaw affecting Schneider Electric Wiser Smart and EER21000/EER21001 (V4.5 and prior). The root cause is improper input validation that could allow manipulation when a user is tricked into certain webpage actions. Public details in conne...

6.5CVSS6.4AI score0.00672EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder