Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
energy vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-2097
Authenticated List control client can execute the LINQ query in SCM Server to present event as list for operator. An authenticated malicious client can send special LINQ query to execute arbitrary code remotely (RCE) on the SCM Server that an attacker otherwise does not have auth...
312
VMScore
CVE-2020-7546
A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an malicious user to perform actions on...
Schneider-electric Ecostruxure Energy Expert 2.0
Schneider-electric Ecostruxure Power Monitoring Expert 7.0
Schneider-electric Ecostruxure Power Monitoring Expert 8.0
Schneider-electric Ecostruxure Power Monitoring Expert 9.0
Schneider-electric Power Manager 1.1
Schneider-electric Power Manager 1.2
Schneider-electric Power Manager 1.3
Schneider-electric Powerscada Expert With Advanced Reporting And Dashboards 8.0
Schneider-electric Powerscada Operation With Advanced Reporting And Dashboards 9.0
578
VMScore
CVE-2020-7547
A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher pr...
Schneider-electric Ecostruxure Energy Expert 2.0
Schneider-electric Ecostruxure Power Monitoring Expert 9.0
Schneider-electric Power Manager 1.1
Schneider-electric Power Manager 1.2
Schneider-electric Power Manager 1.3
Schneider-electric Ecostruxure Power Monitoring Expert 8.0
Schneider-electric Ecostruxure Power Monitoring Expert 7.0
Schneider-electric Powerscada Operation With Advanced Reporting And Dashboards 9.0
Schneider-electric Powerscada Expert With Advanced Reporting And Dashboards 8.0
578
VMScore
CVE-2020-7545
A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access a...
Schneider-electric Ecostruxure Energy Expert 2.0
Schneider-electric Ecostruxure Power Monitoring Expert 9.0
Schneider-electric Power Manager 1.1
Schneider-electric Power Manager 1.2
Schneider-electric Power Manager 1.3
Schneider-electric Ecostruxure Power Monitoring Expert 8.0
Schneider-electric Ecostruxure Power Monitoring Expert 7.0
Schneider-electric Powerscada Operation With Advanced Reporting And Dashboards 9.0
Schneider-electric Powerscada Expert With Advanced Reporting And Dashboards 8.0
NA
CVE-2024-2244
REST service authentication anomaly with “valid username/no password” credential combination for batch job processing resulting in successful service invocation. The anomaly doesn’t exist with other credential combinations.
151
VMScore
CVE-2016-5848
Siemens SICAM PAS prior to 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges.
Siemens Sicam Pas\\/pqs
1 Article
169
VMScore
CVE-2016-5849
Siemens SICAM PAS up to and including 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage.
Siemens Sicam Pas\\/pqs
1 Article
NA
CVE-2024-1531
A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could print random memory content in the RTU500 system log, if an authorized user uploads a specially crafted stb-language file.
NA
CVE-2024-1532
A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could enforce diagnostic texts being displayed as empty strings, if an authorized user uploads a specially crafted stb-language file.
NA
CVE-2022-44037
An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows malicious users to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows ...
Apsystems Ecu-c Firmware C1.2.2
Apsystems Ecu-c Firmware V3.11.4
Apsystems Ecu-c Firmware V4.1na
Apsystems Ecu-c Firmware V4.1saa
Apsystems Ecu-c Firmware W2.1na
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »