CVE-2022-32516 - OpenCVE

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox (All Versions)

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Schneider-electric	Conext Combox Conext Combox Firmware

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:conext_combox_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:conext_combox:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-03_ConextCombox_Security_Notification.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: schneider

Published: 2023-01-30T00:00:00

Updated: 2024-08-03T07:46:43.469Z

Reserved: 2022-06-07T00:00:00

Link: CVE-2022-32516

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-01-30T23:15:10.170

Modified: 2023-02-07T18:54:26.637

Link: CVE-2022-32516

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:conext_combox_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "570ACEDE-DE9F-4E19-AA0F-A6C864263D4B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:conext_combox:-:*:*:*:*:*:*:*", "matchCriteriaId": "6F2F9562-402D-4069-83C0-E5C5CE05F2AB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system\u2019s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext\u2122 ComBox (All Versions)"}, {"lang": "es", "value": "Existe una vulnerabilidad CWE-352: Cross Site Request Forgery (CSRF) que podr\u00eda causar que las configuraciones del sistema se anulen y provoquen un bucle de reinicio cuando el producto sufre una Cross Site Request Forgery (CSRF) basada en POST. Productos afectados: Conext? ComBox (todas las versiones)"}], "id": "CVE-2022-32516", "lastModified": "2023-02-07T18:54:26.637", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cybersecurity@se.com", "type": "Secondary"}]}, "published": "2023-01-30T23:15:10.170", "references": [{"source": "cybersecurity@se.com", "tags": ["Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-03_ConextCombox_Security_Notification.pdf"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "cybersecurity@se.com", "type": "Primary"}]}