VDB

CVE-2022-32516

CVE-2022-32516 PUBLISHED CVSS 7.5 HIGH

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox (All Versions)

EPSS 0.12% · 31.3th percentile

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.12%
31.3th percentile

Affected Products

VendorProductVersions
Schneider ElectricConext™ ComBoxAll Versions
schneider-electricconext_combox_firmware

Timeline

  • Jun 15, 2022 CVE Published
  • Aug 19, 2022 CVE Updated
  • Jan 31, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 12, 2023 EPSS Score
  • Apr 21, 2023 EPSS Score
  • Jun 1, 2023 EPSS Score
  • Jul 11, 2023 EPSS Score
  • Aug 20, 2023 EPSS Score
  • Sep 29, 2023 EPSS Score
  • Nov 8, 2023 EPSS Score
  • Dec 18, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›