Schneider-Electric: >> Ecostruxure Power Monitoring Expert >> 2022 Security Vulnerabilities
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to
execute arbitrary code on the targeted system by sending a specifically crafted packet to the
application.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-10-04
A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to
maintain unauthorized access over a hijacked session in PME after the legitimate user has
signed out of their account.
CVSS Score
6.7
EPSS Score
0.002
Published
2023-04-18