Vulnerabilities > Schneider Electric > Ecostruxure Control Expert > 15.1

DATE	CVE	VULNERABILITY TITLE	RISK
2023-04-18	CVE-2023-1548	Improper Privilege Management vulnerability in Schneider-Electric Ecostruxure Control Expert 15.1 A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the console server service that is part of EcoStruxure Control Expert. local low complexity schneider-electric CWE-269	5.5
2023-04-18	CVE-2023-27976	Exposure of Resource to Wrong Sphere vulnerability in Schneider-Electric Ecostruxure Control Expert 15.1 A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. network low complexity schneider-electric CWE-668	8.8
2022-04-14	CVE-2022-26507	Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. network low complexity att schneider-electric CWE-787 critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.