Schneider-electric

Ecostruxure Power Monitoring Expert

23 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.5

CVE-2025-11739

  • EPSS 0.07%
  • Veröffentlicht 10.03.2026 12:25:14
  • Zuletzt bearbeitet 11.03.2026 13:53:47

CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization.

4.9

CVE-2025-54927

  • EPSS 0.08%
  • Veröffentlicht 20.08.2025 13:51:04
  • Zuletzt bearbeitet 20.08.2025 14:39:07

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attackers uses a crafted path input that is processed by the sys...

7.2

CVE-2025-54926

  • EPSS 0.53%
  • Veröffentlicht 20.08.2025 13:48:02
  • Zuletzt bearbeitet 20.08.2025 14:39:07

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution when an authenticated attacker with admin privileges uploads a malicious file over HTTP which then gets...

7.5

CVE-2025-54925

  • EPSS 0.06%
  • Veröffentlicht 20.08.2025 13:44:21
  • Zuletzt bearbeitet 20.08.2025 14:39:07

CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker configures the application to access a malicious url.

7.5

CVE-2025-54924

  • EPSS 0.08%
  • Veröffentlicht 20.08.2025 13:39:10
  • Zuletzt bearbeitet 20.08.2025 14:39:07

CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a vulnerable endpoint.

8.7

CVE-2025-54923

  • EPSS 1.06%
  • Veröffentlicht 20.08.2025 13:30:04
  • Zuletzt bearbeitet 20.08.2025 14:39:07

CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity when authenticated users send crafted data to a network-exposed service that performs unsafe deserialization.

5.3

CVE-2025-6788

  • EPSS 0.07%
  • Veröffentlicht 11.07.2025 11:09:35
  • Zuletzt bearbeitet 15.07.2025 13:14:49

A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources to the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML diagrams.

5.4

CVE-2024-8401

  • EPSS 0.1%
  • Veröffentlicht 28.01.2025 17:15:25
  • Zuletzt bearbeitet 28.01.2025 17:15:25

CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated attacker modifies folder names within the context of the product.

7.3

CVE-2024-9005

  • EPSS 0.23%
  • Veröffentlicht 08.10.2024 11:15:13
  • Zuletzt bearbeitet 13.03.2025 15:15:51

CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server.

7.8

CVE-2024-2229

  • EPSS 0.03%
  • Veröffentlicht 18.03.2024 16:15:09
  • Zuletzt bearbeitet 21.11.2024 09:09:18

CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a valid user.