Schneider-electric

Ecostruxure Power Monitoring Expert

22 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2023-5987

  • EPSS 0.12%
  • Published 15.11.2023 04:15:19
  • Last modified 21.11.2024 08:42:55

A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers can have a victim’s browser run arbitrary JavaScri...

9.8

CVE-2023-5391

  • EPSS 0.35%
  • Published 04.10.2023 19:15:10
  • Last modified 21.11.2024 08:41:40

A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application.

8.8

CVE-2023-28003

  • EPSS 0.25%
  • Published 18.04.2023 21:15:09
  • Last modified 21.11.2024 07:53:54

A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their account.

5.4

CVE-2022-22804

  • EPSS 0.5%
  • Published 04.02.2022 23:15:13
  • Last modified 21.11.2024 06:47:28

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could allow an authenticated attacker to view data, change settings, or impact availability of the software when the user visits ...

9.3

CVE-2022-22727

  • EPSS 0.93%
  • Published 04.02.2022 23:15:13
  • Last modified 21.11.2024 06:47:20

A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user�s local machine when the user clicks a specially cr...

6.5

CVE-2022-22726

  • EPSS 0.33%
  • Published 04.02.2022 23:15:13
  • Last modified 21.11.2024 06:47:19

A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a limited operating system service account. Affected Product: EcoStruxure Power Monitoring Expert (Versi...

8.8

CVE-2021-22827

  • EPSS 0.41%
  • Published 28.01.2022 20:15:10
  • Last modified 21.11.2024 05:50:45

A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22826. Affected Product: EcoStruxure� Power Monitoring Ex...

8.8

CVE-2021-22826

  • EPSS 0.69%
  • Published 28.01.2022 20:15:10
  • Last modified 21.11.2024 05:50:45

A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22827. Affected Product: EcoStruxure� Power Monitoring Ex...

8.8

CVE-2020-7547

  • EPSS 0.35%
  • Published 01.12.2020 15:15:12
  • Last modified 21.11.2024 05:37:21

A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web inte...

5.4

CVE-2020-7546

  • EPSS 0.3%
  • Published 01.12.2020 15:15:12
  • Last modified 21.11.2024 05:37:21

A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perf...