HIGH🇵🇱 Wersja polska

CVE-2022-22727

CVSS 8.8v3.1pub. 2022-02-04upd. 2024-11-21

A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user�s local machine when the user clicks a specially crafted link. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Schneider Electric Ecostruxure Power Monitoring Expert

    APP
    Schneider-Electric
    ≤ 2020
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2023-5391CRITICAL9.8ten sam produkt

A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute a...

CVE-2025-11739HIGH8.5ten sam produkt

CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with...

CVE-2023-5986HIGH8.2ten sam produkt

A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerabili...

CVE-2021-22827HIGH8.8ten sam produkt

A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the us...

CVE-2021-22826HIGH8.8ten sam produkt

A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the us...