CVE-2022-4062 HIGH

CVE-2022-4062

Vendor Schneider Electric

Product EcoStruxure Power Commission

Weakness CWE-285

Published February 1, 2023

Last update February 5, 2025

View on NVD All CVEs

CVSS base score

7.8/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission (Versions prior to V2.25)

Key dates

02Disclosure timeline

February 1, 2023 CVE published

February 5, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-4062

Related vulnerabilities

04Related CVE

CVE-2025-7947 jshERP Account delete improper authorization CVE-2025-11174 Document Library Lite <= 1.1.6 - Missing Authorization to Sensitive Information Exposure CVE-2026-2694 The Events Calendar <= 6.15.16 - Improper Authorization to Authenticated (Contributor+) Event/Organizer/Venue Update/Trash via REST API CVE-2022-32169 bytebase - Improper Authorization CVE-2024-11860 SourceCodester Best House Rental Management System POST Request ajax.php improper authorization

Identifiers

CVE CVE-2022-4062

CWE CWE-285

CVSS 7.8 / HIGH

Affected versions

Vendor Schneider Electric

Product EcoStruxure Power Commission

Affected ≥ All and < V2.25