CVE-2022-0223
Last modified
CVE-2022-0223 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22). EPSS estimates a 0.78% chance of exploitation in the next 30 days.
Description
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Ecostruxure Power Commission | < 2.22 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-0223?
How severe is CVE-2022-0223?
How do I fix CVE-2022-0223?
Are you affected by CVE-2022-0223?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST