Search
Find a vulnerability
Search criteria
2 vulnerabilities found for EcoStruxure™ Power Operation Advanced Reporting and Dashboards Module by Schneider Electric
CVE-2025-6788 (GCVE-0-2025-6788)
Vulnerability from nvd – Published: 2025-07-11 11:09 – Updated: 2025-07-22 15:16
VLAI
EPSS
VEX
Summary
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources
to the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML
diagrams.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | EcoStruxure™ Power Monitoring Expert |
Affected:
2023 , < All
(custom)
Affected: 2023 R2 , < All (custom) Affected: 2024 , < All (custom) Affected: 2024 R2 , < All (custom) |
|
| Schneider Electric | EcoStruxure™ Power Operation Advanced Reporting and Dashboards Module |
Affected:
2022 w/ Advanced Reporting Module , < All
(custom)
Affected: 2024 w/ Advanced Reporting Module , < All (custom) |
Date Public
2025-07-08 05:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T15:16:21.254303Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T15:16:30.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EcoStruxure\u2122 Power Monitoring Expert",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "All",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "All",
"status": "affected",
"version": "2023 R2",
"versionType": "custom"
},
{
"lessThan": "All",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "All",
"status": "affected",
"version": "2024 R2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure\u2122 Power Operation Advanced Reporting and Dashboards Module",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "All",
"status": "affected",
"version": "2022 w/ Advanced Reporting Module",
"versionType": "custom"
},
{
"lessThan": "All",
"status": "affected",
"version": "2024 w/ Advanced Reporting Module",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-07-08T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources\nto the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML\ndiagrams."
}
],
"value": "A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources\nto the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML\ndiagrams."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-13T23:18:24.544Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-189-04.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2025-6788",
"datePublished": "2025-07-11T11:09:35.038Z",
"dateReserved": "2025-06-27T12:59:12.591Z",
"dateUpdated": "2025-07-22T15:16:30.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6788 (GCVE-0-2025-6788)
Vulnerability from cvelistv5 – Published: 2025-07-11 11:09 – Updated: 2025-07-22 15:16
VLAI
EPSS
VEX
Summary
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources
to the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML
diagrams.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | EcoStruxure™ Power Monitoring Expert |
Affected:
2023 , < All
(custom)
Affected: 2023 R2 , < All (custom) Affected: 2024 , < All (custom) Affected: 2024 R2 , < All (custom) |
|
| Schneider Electric | EcoStruxure™ Power Operation Advanced Reporting and Dashboards Module |
Affected:
2022 w/ Advanced Reporting Module , < All
(custom)
Affected: 2024 w/ Advanced Reporting Module , < All (custom) |
Date Public
2025-07-08 05:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T15:16:21.254303Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T15:16:30.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EcoStruxure\u2122 Power Monitoring Expert",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "All",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "All",
"status": "affected",
"version": "2023 R2",
"versionType": "custom"
},
{
"lessThan": "All",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "All",
"status": "affected",
"version": "2024 R2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure\u2122 Power Operation Advanced Reporting and Dashboards Module",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "All",
"status": "affected",
"version": "2022 w/ Advanced Reporting Module",
"versionType": "custom"
},
{
"lessThan": "All",
"status": "affected",
"version": "2024 w/ Advanced Reporting Module",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-07-08T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources\nto the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML\ndiagrams."
}
],
"value": "A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources\nto the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML\ndiagrams."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-13T23:18:24.544Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-189-04.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2025-6788",
"datePublished": "2025-07-11T11:09:35.038Z",
"dateReserved": "2025-06-27T12:59:12.591Z",
"dateUpdated": "2025-07-22T15:16:30.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}