VDB
CVE-2022-22807
CVE-2022-22807
PUBLISHED
CVSS 7.400000095367432 HIGH
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)
EPSS 0.21% · 43.0th percentile
Risk Scores
CVSS 3.1
7.400000095367432
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
EPSS Score
0.21%
43.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| schneider-electric | hmibscea53d1eml_firmware | 0 |
| schneider-electric | hmibscea53d1edb_firmware | 0 |
| schneider-electric | hmibscea53d1esm_firmware | 0 |
| schneider-electric | hmibscea53d1edl_firmware | 0 |
| schneider-electric | hmibscea53d1ess_firmware | 0 |
| schneider-electric | hmibscea53d1edm_firmware | 0 |
| schneider-electric | hmibscea53d1eds_firmware | 0 |
| n/a | EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13) | EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13) |
Exploit Intelligence
Timeline
- Feb 9, 2022 CVE Published
- Feb 10, 2022 EPSS Score
- Apr 3, 2022 EPSS Score
- May 26, 2022 EPSS Score
- Jul 18, 2022 EPSS Score
- Sep 9, 2022 EPSS Score
- Oct 31, 2022 EPSS Score
- Dec 22, 2022 EPSS Score
- Feb 13, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 6, 2023 EPSS Score
- May 28, 2023 EPSS Score
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-01 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-03 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-06 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-02 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-22807 advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-bsFVwueV url