Vulnerabilities > Schneider Electric > Ecostruxure Power Commission > High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-02-01	CVE-2022-4062	Unspecified vulnerability in Schneider-Electric Ecostruxure Power Commission 2.22/2.25 A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. local low complexity schneider-electric	7.8
2023-01-30	CVE-2022-22732	Unspecified vulnerability in Schneider-Electric Ecostruxure Power Commission A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site. network low complexity schneider-electric	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.