CVE-2022-22804

Name of the Vulnerable Software and Affected Versions EcoStruxure Power Monitoring Expert versions 2020 and prior

Description A Cross-site Scripting vulnerability exists that could allow an authenticated attacker to view data, change settings, or impact availability of the software when the user visits a page containing the injected payload.

Recommendations For versions 2020 and prior, consider restricting access to sensitive pages until a patch is available. As a temporary workaround, consider implementing input validation and sanitization to prevent malicious payload injection. Avoid using the software until a fix is applied to prevent potential data breaches or setting changes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.