PT-2022-6396 · Schneider Electric · EcoStruxure Power Monitoring Expert

Published: 2022-01-11 · Updated: 2023-01-30 · CVE-2022-22727

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: EcoStruxure Power Monitoring Expert versions 2020 and prior

Description: The issue is related to insufficient input validation, which could allow a remote attacker to view and modify equipment settings. An unauthenticated attacker may be able to impact the availability of the software or potentially affect a user's local machine by exploiting this issue, for example, through a specially crafted link.

Recommendations: For versions 2020 and prior, consider restricting access to the software until a fix is available, and avoid clicking on suspicious links to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

BDU:2023-01155
CVE-2022-22727

Affected Products

EcoStruxure Power Monitoring Expert