Cyber Resilience

CVE-2022-22807

High

Published: 09 February 2022

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 7.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)
EPSS Score: 0.0021 (43.0th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-22807 is a high-severity Improper Restriction of Rendered UI Layers or Frames (CWE-1021) vulnerability in Schneider Electric HMIBSCEA53D1EDB firmware. Its CVSS base score is 7.4 (High).

Operationally, it ranks at the 43.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

schneider-electric, hmibscea53d1edb firmware, ≤ 4.0.0.13
schneider-electric, hmibscea53d1eds firmware, ≤ 4.0.0.13
schneider-electric, hmibscea53d1edm firmware, ≤ 4.0.0.13
schneider-electric, hmibscea53d1edl firmware, ≤ 4.0.0.13
schneider-electric, hmibscea53d1ess firmware, ≤ 4.0.0.13
schneider-electric, hmibscea53d1esm firmware, ≤ 4.0.0.13
schneider-electric, hmibscea53d1eml firmware, ≤ 4.0.0.13

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References