CVE-2022-2105 Information

Description

Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters.

Reference

https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03