{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T05:07:23.736","vulnerabilities":[{"cve":{"id":"CVE-2022-0223","sourceIdentifier":"cybersecurity@se.com","published":"2023-01-30T23:15:09.427","lastModified":"2024-11-21T06:38:10.670","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)"},{"lang":"es","value":"Existe una vulnerabilidad CWE-22: limitación inadecuada de un nombre de ruta a un directorio restringido (\"Path Traversal\") que podría permitir a un atacante crear o sobrescribir archivos críticos que se utilizan para ejecutar código, como programas o librerías, y provocar la ejecución de código no autenticado. Productos afectados: EcoStruxure Power Commission (versiones anteriores a la V2.22)"}],"metrics":{"cvssMetricV31":[{"source":"cybersecurity@se.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:ecostruxure_power_commission:*:*:*:*:*:*:*:*","versionEndExcluding":"2.22","matchCriteriaId":"E59BB009-9A61-46F7-BC46-44B4EC678EE4"}]}]}],"references":[{"url":"https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-05_EcoStruxure_Power_Commission_Security_Notification.pdf","source":"cybersecurity@se.com","tags":["Patch","Vendor Advisory"]},{"url":"https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-05_EcoStruxure_Power_Commission_Security_Notification.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}