A CWE-352: Cross-Site Request Forgery (CSRF) exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)
2022-02-09T23:15:19.243
2024-11-21T06:47:29.243
Modified
CVSSv3.1: 8.8 (HIGH)
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | schneider-electric | hmibscea53d1edb_firmware | < 4.0.0.13 | Yes |
| Hardware | schneider-electric | hmibscea53d1edb | - | No |
| Operating System | schneider-electric | hmibscea53d1eds_firmware | < 4.0.0.13 | Yes |
| Hardware | schneider-electric | hmibscea53d1eds | - | No |
| Operating System | schneider-electric | hmibscea53d1edm_firmware | < 4.0.0.13 | Yes |
| Hardware | schneider-electric | hmibscea53d1edm | - | No |
| Operating System | schneider-electric | hmibscea53d1edl_firmware | < 4.0.0.13 | Yes |
| Hardware | schneider-electric | hmibscea53d1edl | - | No |
| Operating System | schneider-electric | hmibscea53d1ess_firmware | < 4.0.0.13 | Yes |
| Hardware | schneider-electric | hmibscea53d1ess | - | No |
| Operating System | schneider-electric | hmibscea53d1esm_firmware | < 4.0.0.13 | Yes |
| Hardware | schneider-electric | hmibscea53d1esm | - | No |
| Operating System | schneider-electric | hmibscea53d1eml_firmware | < 4.0.0.13 | Yes |
| Hardware | schneider-electric | hmibscea53d1eml | - | No |