Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for EcoStruxure™ Power Operation Advanced Reporting and Dashboards Module by Schneider Electric

    CVE-2025-6788 (GCVE-0-2025-6788)

    Vulnerability from nvd – Published: 2025-07-11 11:09 – Updated: 2025-07-22 15:16
    VLAI
    Summary
    A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources to the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML diagrams.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-668 - Exposure of Resource to Wrong Sphere
    Assigner
    Impacted products
    Vendor Product Version
    Schneider Electric EcoStruxure™ Power Monitoring Expert Affected: 2023 , < All (custom)
    Affected: 2023 R2 , < All (custom)
    Affected: 2024 , < All (custom)
    Affected: 2024 R2 , < All (custom)
    Create a notification for this product.
    Schneider Electric EcoStruxure™ Power Operation Advanced Reporting and Dashboards Module Affected: 2022 w/ Advanced Reporting Module , < All (custom)
    Affected: 2024 w/ Advanced Reporting Module , < All (custom)
    Create a notification for this product.
    Date Public
    2025-07-08 05:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6788",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-22T15:16:21.254303Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-22T15:16:30.986Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "EcoStruxure\u2122 Power Monitoring Expert",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "lessThan": "All",
                  "status": "affected",
                  "version": "2023",
                  "versionType": "custom"
                },
                {
                  "lessThan": "All",
                  "status": "affected",
                  "version": "2023 R2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "All",
                  "status": "affected",
                  "version": "2024",
                  "versionType": "custom"
                },
                {
                  "lessThan": "All",
                  "status": "affected",
                  "version": "2024 R2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EcoStruxure\u2122 Power Operation Advanced Reporting and Dashboards Module",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "lessThan": "All",
                  "status": "affected",
                  "version": "2022 w/ Advanced Reporting Module",
                  "versionType": "custom"
                },
                {
                  "lessThan": "All",
                  "status": "affected",
                  "version": "2024 w/ Advanced Reporting Module",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2025-07-08T05:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources\nto the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML\ndiagrams."
                }
              ],
              "value": "A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources\nto the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML\ndiagrams."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-668",
                  "description": "CWE-668 Exposure of Resource to Wrong Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-13T23:18:24.544Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-189-04.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2025-6788",
        "datePublished": "2025-07-11T11:09:35.038Z",
        "dateReserved": "2025-06-27T12:59:12.591Z",
        "dateUpdated": "2025-07-22T15:16:30.986Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6788 (GCVE-0-2025-6788)

    Vulnerability from cvelistv5 – Published: 2025-07-11 11:09 – Updated: 2025-07-22 15:16
    VLAI
    Summary
    A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources to the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML diagrams.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-668 - Exposure of Resource to Wrong Sphere
    Assigner
    Impacted products
    Vendor Product Version
    Schneider Electric EcoStruxure™ Power Monitoring Expert Affected: 2023 , < All (custom)
    Affected: 2023 R2 , < All (custom)
    Affected: 2024 , < All (custom)
    Affected: 2024 R2 , < All (custom)
    Create a notification for this product.
    Schneider Electric EcoStruxure™ Power Operation Advanced Reporting and Dashboards Module Affected: 2022 w/ Advanced Reporting Module , < All (custom)
    Affected: 2024 w/ Advanced Reporting Module , < All (custom)
    Create a notification for this product.
    Date Public
    2025-07-08 05:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6788",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-22T15:16:21.254303Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-22T15:16:30.986Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "EcoStruxure\u2122 Power Monitoring Expert",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "lessThan": "All",
                  "status": "affected",
                  "version": "2023",
                  "versionType": "custom"
                },
                {
                  "lessThan": "All",
                  "status": "affected",
                  "version": "2023 R2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "All",
                  "status": "affected",
                  "version": "2024",
                  "versionType": "custom"
                },
                {
                  "lessThan": "All",
                  "status": "affected",
                  "version": "2024 R2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EcoStruxure\u2122 Power Operation Advanced Reporting and Dashboards Module",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "lessThan": "All",
                  "status": "affected",
                  "version": "2022 w/ Advanced Reporting Module",
                  "versionType": "custom"
                },
                {
                  "lessThan": "All",
                  "status": "affected",
                  "version": "2024 w/ Advanced Reporting Module",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2025-07-08T05:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources\nto the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML\ndiagrams."
                }
              ],
              "value": "A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources\nto the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML\ndiagrams."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-668",
                  "description": "CWE-668 Exposure of Resource to Wrong Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-13T23:18:24.544Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-189-04.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2025-6788",
        "datePublished": "2025-07-11T11:09:35.038Z",
        "dateReserved": "2025-06-27T12:59:12.591Z",
        "dateUpdated": "2025-07-22T15:16:30.986Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }