CVE-2022-0223

MEDIUM

EcoStruxure Power Commission <V2.22 - Path Traversal

Title source: llm

Description

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)

References (1)

Core 1

Core References

Patch, Vendor Advisory

https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-05_EcoStruxure_Power_Commission_Security_Notification.pdf

Scores

CVSS v3 6.5

EPSS 0.0057

EPSS Percentile 68.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

schneider-electric/ecostruxure_power_commission < 2.22

Published Jan 30, 2023

Tracked Since Feb 18, 2026