CVE-2023-28003 — Insufficient Session Expiration in Electric Ecostruxure Power Monitoring Expert

CWE-613 — Insufficient Session Expiration3 documents3 sources

Severity

8.8HIGHNVD

CNA6.7

EPSS

0.3%

top 43.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider Electric Ecostruxure Power Monitoring Expert Schneider-electric Ecostruxure Power Monitoring Expert

Timeline

PublishedApr 18

Description

A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their account.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5schneider_electric/ecostruxure_power_monitoring_expertAll — PME 2022

▶NVDschneider-electric/ecostruxure_power_monitoring_expert2022

🔴Vulnerability Details

GHSA

GHSA-wx2q-8m6x-v282: A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session i↗2023-04-18

▶

CVEList

CVE-2023-28003: A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session i↗2023-04-18

▶