Arbitrary Code Execution Vulnerability in EcoStruxure Power Monitoring Expert 9.0 and Prior Versions

Arbitrary Code Execution Vulnerability in EcoStruxure Power Monitoring Expert 9.0 and Prior Versions

CVE-2021-22827 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22826. Affected Product: EcoStruxure� Power Monitoring Expert 9.0 and prior versions

Learn more about our User Device Pen Test.