Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

schneider-electric ecostruxure power monitoring expert vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2023-5986
A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input attackers can cause the software’s web application to redirect to the chosen domain af...
Schneider-electric Ecostruxure Power Monitoring Expert 2020Schneider-electric Ecostruxure Power Monitoring Expert 2021
NA
CVE-2023-5987
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a pag...
Schneider-electric Ecostruxure Power Monitoring Expert 2020Schneider-electric Ecostruxure Power Monitoring Expert 2021
5.8
CVSSv2
CVE-2018-7797
A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced ...
Schneider-electric Ecostruxure Power Scada Operation 9.0Schneider-electric Ecostruxure Power Scada Operation 8.2Schneider-electric Ecostruxure Energy Expert 1.3Schneider-electric Ecostruxure Power Monitoring Expert 8.2Schneider-electric Ecostruxure Energy Expert 2.0Schneider-electric Ecostruxure Power Monitoring Expert 9.0
6.5
CVSSv2
CVE-2020-7547
A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher pr...
Schneider-electric Ecostruxure Energy Expert 2.0Schneider-electric Ecostruxure Power Monitoring Expert 9.0Schneider-electric Power Manager 1.1Schneider-electric Power Manager 1.2Schneider-electric Power Manager 1.3Schneider-electric Ecostruxure Power Monitoring Expert 8.0Schneider-electric Ecostruxure Power Monitoring Expert 7.0Schneider-electric Powerscada Operation With Advanced Reporting And Dashboards 9.0Schneider-electric Powerscada Expert With Advanced Reporting And Dashboards 8.0
6.5
CVSSv2
CVE-2020-7545
A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access a...
Schneider-electric Ecostruxure Energy Expert 2.0Schneider-electric Ecostruxure Power Monitoring Expert 9.0Schneider-electric Power Manager 1.1Schneider-electric Power Manager 1.2Schneider-electric Power Manager 1.3Schneider-electric Ecostruxure Power Monitoring Expert 8.0Schneider-electric Ecostruxure Power Monitoring Expert 7.0Schneider-electric Powerscada Operation With Advanced Reporting And Dashboards 9.0Schneider-electric Powerscada Expert With Advanced Reporting And Dashboards 8.0
3.5
CVSSv2
CVE-2020-7546
A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an malicious user to perform actions on...
Schneider-electric Ecostruxure Energy Expert 2.0Schneider-electric Ecostruxure Power Monitoring Expert 7.0Schneider-electric Ecostruxure Power Monitoring Expert 8.0Schneider-electric Ecostruxure Power Monitoring Expert 9.0Schneider-electric Power Manager 1.1Schneider-electric Power Manager 1.2Schneider-electric Power Manager 1.3Schneider-electric Powerscada Expert With Advanced Reporting And Dashboards 8.0Schneider-electric Powerscada Operation With Advanced Reporting And Dashboards 9.0
4
CVSSv2
CVE-2022-22726
A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a limited operating system service account. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)
Schneider-electric Ecostruxure Power Monitoring Expert
3.5
CVSSv2
CVE-2022-22804
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could allow an authenticated malicious user to view data, change settings, or impact availability of the software when the user visits a page contain...
Schneider-electric Ecostruxure Power Monitoring Expert
NA
CVE-2023-28003
A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an malicious user to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their account.
Schneider-electric Ecostruxure Power Monitoring Expert
6.8
CVSSv2
CVE-2021-22826
A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22827. Affected Product: EcoStruxure? Power Monitoring Expert 9.0 and prior versions
Schneider-electric Ecostruxure Power Monitoring Expert
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook