CVE-2022-4062

Published: Feb 1, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission (Versions prior to V2.25)

Affected (1)

Products: Schneider Electric: Ecostruxure Power Commission

Schneider Electric

1 product

Ecostruxure Power Commission

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Ecostruxure Power Commission	Before 2.26

Related CWEs

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-347-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-347-03_EcoStruxure_Power_Commission_Security_Notification.pdf

Source: cybersecurity@se.com

PatchVendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-347-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-347-03_EcoStruxure_Power_Commission_Security_Notification.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.