Schneider Electric EcoStruxure Power Monitoring Expert

Source: All CISA Advisories | Added:

Schneider Electric's EcoStruxure Power Monitoring Expert has multiple vulnerabilities, including path traversal, deserialization of untrusted data, and server-side request forgery, which could allow remote attackers to access sensitive files or internal services. These vulnerabilities require authentication to exploit and have been assigned various CVEs with high CVSS scores indicating significant risk.

Impact: Schneider Electric EcoStruxure Power Monitoring Expert

In the Wild: Unknown

Age: Newly disclosed

Remediation: Ensure PME is running in an isolated network, deploy Windows firewall, enforce complex password policies, audit server access permissions, and apply the principle of least privilege.