CVE-2023-28003

low-risk
Published 2023-04-18

A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their account.

Do I need to act?

-
0.33% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.7/10 Medium
LOCAL / HIGH complexity

Affected Products (1)

Ecostruxure Power Monitoring Expert

Affected Vendors

Schneider-Electric

References (2)

Vendor Advisory https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-01&p_enDoc...
Vendor Advisory https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-01&p_enDoc...
23
/ 100
low-risk
Severity 17/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal