Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
schneider-electric ecostruxure power monitoring expert vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-5986
A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input attackers can cause the software’s web application to redirect to the chosen domain af...
Schneider-electric Ecostruxure Power Monitoring Expert 2020
Schneider-electric Ecostruxure Power Monitoring Expert 2021
NA
CVE-2023-5987
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a pag...
Schneider-electric Ecostruxure Power Monitoring Expert 2020
Schneider-electric Ecostruxure Power Monitoring Expert 2021
5.8
CVSSv2
CVE-2018-7797
A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced ...
Schneider-electric Ecostruxure Power Scada Operation 9.0
Schneider-electric Ecostruxure Power Scada Operation 8.2
Schneider-electric Ecostruxure Energy Expert 1.3
Schneider-electric Ecostruxure Power Monitoring Expert 8.2
Schneider-electric Ecostruxure Energy Expert 2.0
Schneider-electric Ecostruxure Power Monitoring Expert 9.0
6.5
CVSSv2
CVE-2020-7547
A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher pr...
Schneider-electric Ecostruxure Energy Expert 2.0
Schneider-electric Ecostruxure Power Monitoring Expert 9.0
Schneider-electric Power Manager 1.1
Schneider-electric Power Manager 1.2
Schneider-electric Power Manager 1.3
Schneider-electric Ecostruxure Power Monitoring Expert 8.0
Schneider-electric Ecostruxure Power Monitoring Expert 7.0
Schneider-electric Powerscada Operation With Advanced Reporting And Dashboards 9.0
Schneider-electric Powerscada Expert With Advanced Reporting And Dashboards 8.0
6.5
CVSSv2
CVE-2020-7545
A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access a...
Schneider-electric Ecostruxure Energy Expert 2.0
Schneider-electric Ecostruxure Power Monitoring Expert 9.0
Schneider-electric Power Manager 1.1
Schneider-electric Power Manager 1.2
Schneider-electric Power Manager 1.3
Schneider-electric Ecostruxure Power Monitoring Expert 8.0
Schneider-electric Ecostruxure Power Monitoring Expert 7.0
Schneider-electric Powerscada Operation With Advanced Reporting And Dashboards 9.0
Schneider-electric Powerscada Expert With Advanced Reporting And Dashboards 8.0
3.5
CVSSv2
CVE-2020-7546
A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an malicious user to perform actions on...
Schneider-electric Ecostruxure Energy Expert 2.0
Schneider-electric Ecostruxure Power Monitoring Expert 7.0
Schneider-electric Ecostruxure Power Monitoring Expert 8.0
Schneider-electric Ecostruxure Power Monitoring Expert 9.0
Schneider-electric Power Manager 1.1
Schneider-electric Power Manager 1.2
Schneider-electric Power Manager 1.3
Schneider-electric Powerscada Expert With Advanced Reporting And Dashboards 8.0
Schneider-electric Powerscada Operation With Advanced Reporting And Dashboards 9.0
4
CVSSv2
CVE-2022-22726
A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a limited operating system service account. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)
Schneider-electric Ecostruxure Power Monitoring Expert
3.5
CVSSv2
CVE-2022-22804
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could allow an authenticated malicious user to view data, change settings, or impact availability of the software when the user visits a page contain...
Schneider-electric Ecostruxure Power Monitoring Expert
NA
CVE-2023-28003
A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an malicious user to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their account.
Schneider-electric Ecostruxure Power Monitoring Expert
6.8
CVSSv2
CVE-2021-22826
A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22827. Affected Product: EcoStruxure? Power Monitoring Expert 9.0 and prior versions
Schneider-electric Ecostruxure Power Monitoring Expert
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »