Input Validation Flaw in Wiser Smart Products by Schneider Electric
CVE-2022-30233

6.5MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Wiser Smart
Vendor: CVE Published:; 10 May 2022

Summary

An improper input validation vulnerability affects Schneider Electric's Wiser Smart products, specifically models EER21000 and EER21001 in version V4.5 and earlier. This flaw enables attackers to exploit the system by tricking users into performing unintended actions on affected web pages. Such manipulation can lead to unauthorized access or disruption of services.

Affected Version(s)

Wiser Smart EER21000 < 4.5

Wiser Smart EER21001 < 4.5

References

https://www.se.com/ww/en/download/document/SEVD-2022-130-03/

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 10, 2022
Vulnerability Reserved
May 4, 2022