Cross-Domain Access Vulnerability in Wiser Smart Products by Schneider Electric
CVE-2022-30236

8.2HIGH

Key Information:

Vendor: Schneider Electric
Status: Wiser Smart
Vendor: CVE Published:; 2 June 2022

Summary

A security vulnerability in Schneider Electric's Wiser Smart products allows attackers to exploit cross-domain access mechanisms. This could enable unauthorized access to sensitive resources, highlighting a critical need for improved resource management and security measures in the affected versions (V4.5 and prior) of EER21000 and EER21001 devices.

Affected Version(s)

Wiser Smart EER21000 < 4.5

Wiser Smart EER21001 < 4.5

References

https://www.se.com/ww/en/download/document/SEVD-2022-130-03/

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 2, 2022
Vulnerability Reserved
May 4, 2022