First published: Mon Jan 30 2023
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause the system's configuration to be overridden and cause a reboot loop when the product is subjected to a POST-based Cross-Site Request Forgery (CSRF).
Affected Products: Conext™ ComBox (All Versions)
Credit: cybersecurity@se.com
Affected Software | Affected Version | How to fix |
---|---|---|
Schneider-electric Conext Combox Firmware | ||
Schneider-electric Conext Combox | ||
CVE-2022-32516 is a Cross-Site Request Forgery (CSRF) vulnerability that can result in system configurations being overridden and in a reboot loop on the affected product, Conext™ ComBox.
The severity of CVE-2022-32516 is high with a CVSS severity score of 6.5.
The vulnerability affects all versions of Schneider-electric Conext ComBox firmware.
CVE-2022-32516 exploits POST-Based Cross-Site Request Forgery (CSRF) to manipulate system configurations and trigger a reboot loop.
No, Schneider-electric Conext ComBox itself is not vulnerable to CVE-2022-32516.
Apply the latest firmware update provided by Schneider Electric to mitigate the CSRF vulnerability (CVE-2022-32516).