CVE-2022-30236 – This vulnerability allows attackers to perform ... (How to Fix)

Q: What is the severity of CVE-2022-30236?

CVE-2022-30236 has a CVSS score of 8.2 (HIGH). This vulnerability allows attackers to perform cross-domain attacks that could lead to unauthorized access to Wiser Smart energy management systems. It affects Schneider Electric's EER21000 and EER21001 products running firmware versions 4.5 and earlier. The vulnerability stems from improper resource transfer between security domains.

📋 TL;DR

This vulnerability allows attackers to perform cross-domain attacks that could lead to unauthorized access to Wiser Smart energy management systems. It affects Schneider Electric's EER21000 and EER21001 products running firmware versions 4.5 and earlier. The vulnerability stems from improper resource transfer between security domains.

💻 Affected Systems

Products:

Wiser Smart
EER21000
EER21001

Versions: V4.5 and prior

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the embedded firmware of Schneider Electric energy management gateways.

📦 What is this software?

Wiser Smart Eer21000 Firmware by Schneider Electric

View all CVEs affecting Wiser Smart Eer21000 Firmware →

Wiser Smart Eer21001 Firmware by Schneider Electric

View all CVEs affecting Wiser Smart Eer21001 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the energy management system allowing attackers to manipulate energy controls, access sensitive operational data, or disrupt energy distribution.

🟠

Likely Case

Unauthorized access to system interfaces and potential data exfiltration from the affected devices.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing cross-domain attacks.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Cross-domain attacks typically require some level of access to initiate but can lead to privilege escalation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V4.6 or later

Vendor Advisory: https://www.se.com/ww/en/download/document/SEVD-2022-130-03/

Restart Required: Yes

Instructions:

1. Download firmware V4.6 or later from Schneider Electric portal. 2. Backup current configuration. 3. Upload new firmware via web interface. 4. Reboot device. 5. Verify firmware version.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected devices in separate network segments to prevent cross-domain attacks.

Access Control Lists

all

Implement strict firewall rules to limit communication to/from affected devices.

🧯 If You Can't Patch

Isolate affected devices from internet and untrusted networks
Implement strict network segmentation and monitor for unusual cross-domain traffic

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface or CLI. If version is 4.5 or earlier, device is vulnerable.

Check Version:

Check via web interface: System > About, or via CLI if available

Verify Fix Applied:

Verify firmware version is 4.6 or later after patching.

📡 Detection & Monitoring

Log Indicators:

Unusual cross-domain requests
Authentication attempts from unexpected sources
Configuration changes

Network Indicators:

Unexpected cross-domain HTTP requests
Traffic between normally isolated network segments

SIEM Query:

source_ip IN (affected_device_ips) AND (http_referer CONTAINS 'cross-domain' OR uri CONTAINS 'cross-domain')

📊 Metadata

CVE ID: CVE-2022-30236

CVSS v3 Score: 8.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE: CWE-669

Published: June 2, 2022

Last Updated: November 21, 2024

🔗 References

https://www.se.com/ww/en/download/document/SEVD-2022-130-03/ Mitigation,Vendor Advisory
https://www.se.com/ww/en/download/document/SEVD-2022-130-03/ Mitigation,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-30236, you might also want to check these: