漏洞标题
N/A
漏洞描述信息
存在一个CWE-1021 不当限制渲染的UI层或帧漏洞,可能导致在欺骗用户使其使用 iframe 渲染的Web界面时,对产品设置或用户账户进行 unintended 修改。受影响的产品:EcoStruxure EV Charging Expert(formerly known as EVlink Load Management System):(HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (所有版本 prior to SP8(版本01) V4.0.0.13)
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)
CVSS信息
N/A
漏洞类别
不当限制渲染UI层或帧
漏洞标题
EcoStruxure EV Charging Expert 安全漏洞
漏洞描述信息
EcoStruxure EV Charging Expert是法国施耐德(Schneider-electric)的电动汽车充电基础设施负载管理、访问管理和监督解决方案。 EcoStruxure EV Charging Expert存在安全漏洞,该漏洞源于当欺骗用户使用在iframes中渲染的web界面时,CWE-1021渲染UI层或框架的不当限制存在可能导致产品设置或用户帐户的意外修改。
CVSS信息
N/A
漏洞类别
其他