CVE-2022-22807 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-22807 PUBLISHED CVSS 7.400000095367432 HIGH

A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)

EPSS 0.21% · 42.9th percentile

Risk Scores

CVSS v3.1

7.400000095367432

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

EPSS Score

0.21%

42.9th percentile

Affected Products

Vendor	Product	Versions
schneider-electric	hmibscea53d1eml_firmware	0
schneider-electric	hmibscea53d1edb_firmware	0
schneider-electric	hmibscea53d1esm_firmware	0
schneider-electric	hmibscea53d1edl_firmware	0
schneider-electric	hmibscea53d1ess_firmware	0
schneider-electric	hmibscea53d1edm_firmware	0
schneider-electric	hmibscea53d1eds_firmware	0
n/a	EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)	EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)

Timeline

Feb 9, 2022 CVE Published
Feb 10, 2022 EPSS Score
Apr 3, 2022 EPSS Score
May 25, 2022 EPSS Score
Jul 16, 2022 EPSS Score
Sep 6, 2022 EPSS Score
Oct 28, 2022 EPSS Score
Dec 19, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 1, 2023 EPSS Score
May 23, 2023 EPSS Score

References

Open in Interactive Console →