PT-2022-3205 · Schneider Electric · Wiser Controller EER21000 +2

Published: 2022-05-10 · Updated: 2022-06-13 · CVE-2022-30238

CVSS v2.0: 9.7 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:P

Name of the Vulnerable Software and Affected Versions

Wiser Smart versions prior to 4.5
Wiser Controller EER21000 versions prior to 4.5
Wiser Controller EER21001 versions prior to 4.5

Description

The issue is related to errors in the authentication procedure of the Wiser Smart programmable logic controllers, specifically the Schneider Electric Wiser Controller EER21000 and Wiser Controller EER21001. This could allow a remote attacker to gain unauthorized access to protected information by hijacking a session and taking over the admin account.

Recommendations

For Wiser Smart versions prior to 4.5, update to a version later than 4.5 to resolve the issue.
For Wiser Controller EER21000 versions prior to 4.5, update to a version later than 4.5 to resolve the issue.
For Wiser Controller EER21001 versions prior to 4.5, update to a version later than 4.5 to resolve the issue.
As a temporary workaround, consider restricting access to the admin account until a patch is available.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2022-03896
CVE-2022-30238

Affected Products

Wiser Controller EER21000
Wiser Controller EER21001
Wiser Smart