CVE-2022-22732

Name of the Vulnerable Software and Affected Versions EcoStruxure Power Commission versions prior to V2.22

Description A vulnerability exists that could cause all remote domains to access the resources supplied by the server when an attacker sends a fetch request from a third-party site or malicious site. This issue is related to the exposure of information in an erroneous data sphere, which may allow a remote attacker to disclose protected information using a specially crafted request.

Recommendations For versions prior to V2.22, update to version V2.22 or later to resolve the issue. As a temporary workaround, consider restricting access to the server to minimize the risk of exploitation. Avoid using the server to supply resources to remote domains until the issue is resolved.