CVE-2022-30233

Published: Jun 2, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)

Affected (2)

Products: Schneider Electric: Wiser Smart Eer21000 Firmware, Wiser Smart Eer21001 Firmware

Schneider Electric

2 products

Wiser Smart Eer21000 Firmware

Wiser Smart Eer21001 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Wiser Smart Eer21000 Firmware	Up to 4.5

Running on/with	Platform Versions
Schneider Electric Wiser Smart Eer21000	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Wiser Smart Eer21001 Firmware	Up to 4.5

Running on/with	Platform Versions
Schneider Electric Wiser Smart Eer21001	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://www.se.com/ww/en/download/document/SEVD-2022-130-03/

Source: cybersecurity@se.com

MitigationVendor Advisory

https://www.se.com/ww/en/download/document/SEVD-2022-130-03/

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.