Vulnerabilities > Schneider Electric > Ecostruxure Power Commission
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-01 | CVE-2022-4062 | Improper Authorization vulnerability in Schneider-Electric Ecostruxure Power Commission A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. | 3.3 |
| 2023-01-30 | CVE-2022-0223 | Path Traversal vulnerability in Schneider-Electric Ecostruxure Power Commission A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. | 9.8 |
| 2023-01-30 | CVE-2022-22731 | Path Traversal vulnerability in Schneider-Electric Ecostruxure Power Commission A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause path traversal attacks. | 9.8 |
| 2023-01-30 | CVE-2022-22732 | Exposure of Resource to Wrong Sphere vulnerability in Schneider-Electric Ecostruxure Power Commission A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site. | 7.5 |