Vulnerabilities > CVE-2022-22732 - Exposure of Resource to Wrong Sphere vulnerability in Schneider-Electric Ecostruxure Power Commission

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

schneider-electric

CWE-668

NVD

Published: 2023-01-30

Updated: 2023-02-07

Summary

A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)

Vulnerable Configurations

Part	Description	Count
Application	Schneider-Electric Schneider Electric Ecostruxure Power Commission -	1

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-05_EcoStruxure_Power_Commission_Security_Notification.pdf