CVE-2022-22727

Опубликовано: 04 фев. 2022

Источник: nvd

CVSS3: 8.8

CVSS2: 9.3

EPSS Низкий

Описание

A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user�s local machine when the user clicks a specially crafted link. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)

Ссылки

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07
Patch
Vendor Advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:*:*:*:*:*:*:*:*

Версия до 2020 (включая)

EPSS

Процентиль: 76%

0.00929

Низкий

8.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-q44h-xwpg-7576

CVSS3: 8.8

github

почти 4 года назад

A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user?s local machine when the user clicks a specially crafted link. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)

BDU:2023-01155

CVSS3: 7.1

fstec

около 4 лет назад

Уязвимость программного обеспечения энергомониторинга Power Monitoring Expert, позволяющая нарушителю просматривать и менять настройки оборудования