Improper Restriction of Excessive Authentication Attempts in Wiser Smart by Schneider Electric
CVE-2022-30235

8.6 HIGH

Key Information:

Vendor
CVE Published: 2 June 2022

Summary

Wiser Smart does not properly restrict repeated authentication attempts, which allows an attacker to gain unauthorized access by brute force. This vulnerability primarily affects EER21000 and EER21001 models running version V4.5 or earlier. Organizations using these devices should take immediate action to mitigate the security risks associated with this flaw.

Affected Version(s)

Wiser Smart EER21000 < 4.5

Wiser Smart EER21001 < 4.5

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
