Cross-Site Scripting Vulnerability in EcoStruxure Power Monitoring Expert by Schneider Electric
CVE-2022-22804

5.4 MEDIUM

Summary

A cross-site scripting (XSS) vulnerability in EcoStruxure Power Monitoring Expert allows an authenticated attacker to inject malicious scripts. When users interact with a compromised page containing the malicious payload, the attacker can manipulate web pages and potentially view sensitive data, alter configuration settings, or disrupt the software's availability. The issue primarily affects versions of the product released in 2020 and earlier. Users should apply the necessary updates and follow security best practices to mitigate the risk of exploitation.

Affected Version(s)

EcoStruxure Power Monitoring Expert (Versions 2020 and prior)

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
