Vulnerabilities > Schneider Electric > Ecostruxure Power Monitoring Expert > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-18 | CVE-2023-28003 | Unspecified vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their account. | 8.8 |
| 2022-02-04 | CVE-2022-22727 | Unspecified vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user?s local machine when the user clicks a specially crafted link. | 8.8 |
| 2022-01-28 | CVE-2021-22826 | Improper Input Validation vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. | 8.8 |
| 2022-01-28 | CVE-2021-22827 | Improper Input Validation vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. | 8.8 |
| 2020-12-01 | CVE-2020-7547 | Unspecified vulnerability in Schneider-Electric products A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level. | 8.8 |
| 2020-12-01 | CVE-2020-7545 | Unspecified vulnerability in Schneider-Electric products A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage. | 7.2 |