Vulnerability Details CVE-2022-22808
A CWE-352: Cross-Site Request Forgery (CSRF) exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.8%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
Products affected by CVE-2022-22808
-
cpe:2.3:h:schneider-electric:hmibscea53d1edb:-
-
cpe:2.3:h:schneider-electric:hmibscea53d1edl:-
-
cpe:2.3:h:schneider-electric:hmibscea53d1edm:-
-
cpe:2.3:h:schneider-electric:hmibscea53d1eds:-
-
cpe:2.3:h:schneider-electric:hmibscea53d1eml:-
-
cpe:2.3:h:schneider-electric:hmibscea53d1esm:-
-
cpe:2.3:h:schneider-electric:hmibscea53d1ess:-
-
cpe:2.3:o:schneider-electric:hmibscea53d1edb_firmware:-
-
cpe:2.3:o:schneider-electric:hmibscea53d1edl_firmware:-
-
cpe:2.3:o:schneider-electric:hmibscea53d1edm_firmware:-
-
cpe:2.3:o:schneider-electric:hmibscea53d1eds_firmware:-
-
cpe:2.3:o:schneider-electric:hmibscea53d1eml_firmware:-
-
cpe:2.3:o:schneider-electric:hmibscea53d1esm_firmware:-
-
cpe:2.3:o:schneider-electric:hmibscea53d1ess_firmware:-