CVE-2022-22732
Published 2023-01-30
CVE-2022-22732: A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server…
Priority P3 · 43 · high · 7.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.27% (18.3th percentile)
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | ecostruxure_power_commission | < 2.22 | 2.22 |
| schneider_electric | ecostruxure_power_commission | >= All < V2.22 | V2.22 |
VulDB
Schneider Electric EcoStruxure Power Commission prior 2.22 exposure of resource (SEVD-2022-165-05 / EUVD-2022-27875)
vuldb·2026-04-28·CVSS 7.5
CVE-2022-22732 [HIGH] Schneider Electric EcoStruxure Power Commission prior 2.22 exposure of resource (SEVD-2022-165-05 / EUVD-2022-27875)
A vulnerability has been found in Schneider Electric EcoStruxure Power Commission and classified as problematic. The affected element is an unknown function. This manipulation causes exposure of resource.
This vulnerability is registered as CVE-2022-22732. Remote exploitation of the attack is possible. No exploit is available.
The affected component should be upgraded.
GHSA
GHSA-5w35-cmj6-vc9r: A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by th
ghsa_unreviewed·2023-01-31
CVE-2022-22732 [HIGH] CWE-668 GHSA-5w35-cmj6-vc9r: A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by th
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-05_EcoStruxure_Power_Commission_Security_Notification.pdf
Published 2023-01-30