CVE-2022-22808 Information

Description

A CWE-942: Permissive Cross-domain Policy with Untrusted Domains vulnerability exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB HMIBSCEA53D1EDS HMIBSCEA53D1EDM HMIBSCEA53D1EDL HMIBSCEA53D1ESS HMIBSCEA53D1ESM HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-02

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8