CVE-2022-22807

Published: Feb 9, 2022Modified: Nov 21, 2024

7.4

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 4.0

Source: NVD

Description

A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)

Affected (7)

Products: Schneider Electric: Hmibscea53d1edb Firmware, Hmibscea53d1eds Firmware, Hmibscea53d1edm Firmware, Hmibscea53d1edl Firmware, Hmibscea53d1ess Firmware, Hmibscea53d1esm Firmware, Hmibscea53d1eml Firmware

Schneider Electric

7 products

Hmibscea53d1edb Firmware

Hmibscea53d1eds Firmware

Hmibscea53d1edm Firmware

Hmibscea53d1edl Firmware

Hmibscea53d1ess Firmware

Hmibscea53d1esm Firmware

Hmibscea53d1eml Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibscea53d1edb Firmware	Before 4.0.0.13

Running on/with	Platform Versions
Schneider Electric Hmibscea53d1edb	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibscea53d1eds Firmware	Before 4.0.0.13

Running on/with	Platform Versions
Schneider Electric Hmibscea53d1eds	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibscea53d1edm Firmware	Before 4.0.0.13

Running on/with	Platform Versions
Schneider Electric Hmibscea53d1edm	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibscea53d1edl Firmware	Before 4.0.0.13

Running on/with	Platform Versions
Schneider Electric Hmibscea53d1edl	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibscea53d1ess Firmware	Before 4.0.0.13

Running on/with	Platform Versions
Schneider Electric Hmibscea53d1ess	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibscea53d1esm Firmware	Before 4.0.0.13

Running on/with	Platform Versions
Schneider Electric Hmibscea53d1esm	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Hmibscea53d1eml Firmware	Before 4.0.0.13

Running on/with	Platform Versions
Schneider Electric Hmibscea53d1eml	All versions

Related CWEs

CWE-1021

Improper Restriction of Rendered UI Layers or Frames

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.

References (2)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-02

Source: cybersecurity@se.com

Vendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-02

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.