Schneider-Electric Wiser Smart EER21001 Firmware vulnerabilities
6 known vulnerabilities affecting schneider-electric/wiser_smart_eer21001_firmware.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 3, MEDIUM 1
Vulnerabilities
CVE-2022-30235 | CRITICAL | CVSS 9.8 | ≤ 4.5 | 2022-06-02
[HIGH] CWE-307
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)
nvd
CVE-2022-30234 | CRITICAL | CVSS 9.8 | ≤ 4.5 | 2022-06-02
[CRITICAL] CWE-798
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)
nvd
CVE-2022-30236 | HIGH | CVSS 8.2 | ≤ 4.5 | 2022-06-02
[HIGH] CWE-669
A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)
nvd
CVE-2022-30238 | HIGH | CVSS 8.8 | ≤ 4.5 | 2022-06-02
[HIGH] CWE-287
A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)
nvd
CVE-2022-30237 | HIGH | CVSS 7.5 | ≤ 4.5 | 2022-06-02
[HIGH] CWE-311
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)
nvd
CVE-2022-30233 | MEDIUM | CVSS 6.5 | ≤ 4.5 | 2022-06-02
[MEDIUM] CWE-20
A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)
nvd