Vulnerabilities > Schneider Electric > Ecostruxure Power Monitoring Expert > 2020
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-15 | CVE-2023-5986 | Open Redirect vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert 2020/2021 A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. | 6.1 |
| 2023-11-15 | CVE-2023-5987 | Cross-site Scripting vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert 2020/2021 A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload. | 6.1 |
| 2023-04-18 | CVE-2023-28003 | Insufficient Session Expiration vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their account. | 8.8 |
| 2022-02-04 | CVE-2022-22726 | Improper Input Validation vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a limited operating system service account. | 4.0 |
| 2022-02-04 | CVE-2022-22727 | Improper Input Validation vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user?s local machine when the user clicks a specially crafted link. | 8.8 |
| 2022-02-04 | CVE-2022-22804 | Cross-site Scripting vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could allow an authenticated attacker to view data, change settings, or impact availability of the software when the user visits a page containing the injected payload. | 3.5 |