Vulnerabilities > Schneider Electric > Ecostruxure Power Monitoring Expert > High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-04-18	CVE-2023-28003	Insufficient Session Expiration vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their account. network low complexity schneider-electric CWE-613	8.8
2022-02-04	CVE-2022-22727	Improper Input Validation vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user?s local machine when the user clicks a specially crafted link. network low complexity schneider-electric CWE-20	8.8
2022-01-28	CVE-2021-22826	Improper Input Validation vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. network low complexity schneider-electric CWE-20	8.8
2022-01-28	CVE-2021-22827	Improper Input Validation vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. network low complexity schneider-electric CWE-20	8.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.