Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
energy vulnerabilities and exploits
(subscribe to this query)
8
CVSSv3
CVE-2018-15445
A vulnerability in the web-based management interface of Cisco Energy Management Suite Software could allow an authenticated, remote malicious user to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due ...
Cisco Energy Management Suite Software -
6.1
CVSSv3
CVE-2018-7797
A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced ...
Schneider-electric Ecostruxure Power Scada Operation 9.0
Schneider-electric Ecostruxure Power Scada Operation 8.2
Schneider-electric Ecostruxure Energy Expert 2.0
Schneider-electric Ecostruxure Energy Expert 1.3
Schneider-electric Ecostruxure Power Monitoring Expert 9.0
Schneider-electric Ecostruxure Power Monitoring Expert 8.2
8.8
CVSSv3
CVE-2023-1109
In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full ...
Phoenixcontact Energy Axc Pu
Phoenixcontact Infobox Firmware
Phoenixcontact Smartrtu Axc Sg Firmware
Phoenixcontact Smartrtu Axc Ig Firmware
6.1
CVSSv3
CVE-2016-5902
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Ibm Maximo For Transportation 7.5
Ibm Maximo For Utilities 7.5
Ibm Maximo For Aviation 7.5
Ibm Maximo For Utilities 7.1
Ibm Maximo For Nuclear Power 7.1
Ibm Maximo For Energy Optimization 7.5
Ibm Maximo Asset Management 7.5
Ibm Maximo For Transportation 7.6
Ibm Maximo For Aviation 7.1
Ibm Maximo For Life Sciences 7.6
Ibm Maximo For Oil And Gas 7.6
Ibm Maximo Asset Management 7.1
Ibm Maximo For Oil And Gas 7.1
Ibm Maximo For Government 7.1
Ibm Maximo For Energy Optimization 7.1
Ibm Maximo For Aviation 7.6
Ibm Maximo For Life Sciences 7.5
Ibm Maximo For Nuclear Power 7.5
Ibm Maximo For Government 7.5
Ibm Maximo Asset Management 7.6
Ibm Maximo For Utilities 7.6
Ibm Maximo For Nuclear Power 7.6
9.8
CVSSv3
CVE-2020-7548
A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow unauthorized users to login.
Schneider-electric Acti9 Smartlink Si D Firmware
Schneider-electric Acti9 Smartlink Si B Firmware
Schneider-electric Acti9 Powertag Link Firmware
Schneider-electric Acti9 Powertag Link Hd Firmware
Schneider-electric Acti9 Smartlink El B Firmware
Schneider-electric Wiser Link Firmware
Schneider-electric Wiser Energy Firmware
7.2
CVSSv3
CVE-2020-7545
A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access a...
Schneider-electric Ecostruxure Energy Expert 2.0
Schneider-electric Ecostruxure Power Monitoring Expert 9.0
Schneider-electric Power Manager 1.1
Schneider-electric Power Manager 1.2
Schneider-electric Power Manager 1.3
Schneider-electric Ecostruxure Power Monitoring Expert 8.0
Schneider-electric Ecostruxure Power Monitoring Expert 7.0
Schneider-electric Powerscada Operation With Advanced Reporting And Dashboards 9.0
Schneider-electric Powerscada Expert With Advanced Reporting And Dashboards 8.0
5.4
CVSSv3
CVE-2020-7546
A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an malicious user to perform actions on...
Schneider-electric Ecostruxure Energy Expert 2.0
Schneider-electric Ecostruxure Power Monitoring Expert 9.0
Schneider-electric Power Manager 1.1
Schneider-electric Power Manager 1.2
Schneider-electric Power Manager 1.3
Schneider-electric Ecostruxure Power Monitoring Expert 8.0
Schneider-electric Ecostruxure Power Monitoring Expert 7.0
Schneider-electric Powerscada Operation With Advanced Reporting And Dashboards 9.0
Schneider-electric Powerscada Expert With Advanced Reporting And Dashboards 8.0
8.8
CVSSv3
CVE-2020-7547
A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher pr...
Schneider-electric Ecostruxure Energy Expert 2.0
Schneider-electric Ecostruxure Power Monitoring Expert 9.0
Schneider-electric Power Manager 1.1
Schneider-electric Power Manager 1.2
Schneider-electric Power Manager 1.3
Schneider-electric Ecostruxure Power Monitoring Expert 8.0
Schneider-electric Ecostruxure Power Monitoring Expert 7.0
Schneider-electric Powerscada Operation With Advanced Reporting And Dashboards 9.0
Schneider-electric Powerscada Expert With Advanced Reporting And Dashboards 8.0
NA
CVE-2024-0400
SCM Software is a client and server application. An Authenticated System manager client can execute LINQ query in the SCM server, for customized filtering. An Authenticated malicious client can send a specially crafted code to skip the validation and execute arbitrary code (RCE) ...
NA
CVE-2024-2097
Authenticated List control client can execute the LINQ query in SCM Server to present event as list for operator. An authenticated malicious client can send special LINQ query to execute arbitrary code remotely (RCE) on the SCM Server that an attacker otherwise does not have auth...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »