Published: 09/02/2022 Updated: 02/02/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 606

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

A CWE-352: Cross-Site Request Forgery (CSRF) exists that could cause a remote malicious user to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)

Vulnerable Product	Search on Vulmon	Subscribe to Product
schneider-electric hmibscea53d1edb_firmware
schneider-electric hmibscea53d1eds_firmware
schneider-electric hmibscea53d1edm_firmware
schneider-electric hmibscea53d1edl_firmware
schneider-electric hmibscea53d1ess_firmware
schneider-electric hmibscea53d1esm_firmware
schneider-electric hmibscea53d1eml_firmware

CWE-352 https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-02 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-22808

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect