Search
Find a vulnerability
Search criteria
28 vulnerabilities found for ecostruxure_power_monitoring_expert by schneider-electric
CVE-2025-11739 (GCVE-0-2025-11739)
Vulnerability from nvd – Published: 2026-03-10 12:25 – Updated: 2026-03-10 17:26
VLAI
Summary
CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of untrusted data
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | EcoStruxure™ Power Monitoring Expert (PME) |
Affected:
Version 2022
Affected: Version 2023 Affected: Version 2023 R2 Affected: Version 2024 Affected: Version 2024 R2 |
|
| Schneider Electric | EcoStruxure™ Power Operation (EPO) Advanced Reporting and Dashboards Module |
Affected:
Version 2022
Affected: Version 2024 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T13:33:55.316218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T13:34:01.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EcoStruxure\u2122 Power Monitoring Expert (PME)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Version 2022"
},
{
"status": "affected",
"version": "Version 2023"
},
{
"status": "affected",
"version": "Version 2023 R2"
},
{
"status": "affected",
"version": "Version 2024"
},
{
"status": "affected",
"version": "Version 2024 R2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure\u2122 Power Operation (EPO) Advanced Reporting and Dashboards Module",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Version 2022"
},
{
"status": "affected",
"version": "Version 2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CWE\u2011502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization."
}
],
"value": "CWE\u2011502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of untrusted data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T17:26:25.203Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2026-069-06.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2025-11739",
"datePublished": "2026-03-10T12:25:14.501Z",
"dateReserved": "2025-10-14T13:43:50.195Z",
"dateUpdated": "2026-03-10T17:26:25.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-5987 (GCVE-0-2023-5987)
Vulnerability from nvd – Published: 2023-11-15 03:48 – Updated: 2024-08-02 08:14
VLAI
Summary
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
vulnerability that could cause a vulnerability leading to a cross site scripting condition where
attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing
the injected payload.
Severity
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | EcoStruxure Power Monitoring Expert (PME) |
Affected:
Version 2020 CU2 and prior
Affected: Version 2021 CU1 and prior |
|
| Schneider Electric | EcoStruxure Power Operation (EPO) – Advanced Reporting and Dashboards Module |
Affected:
Advanced Reporting and Dashboards Module 2021 prior to CU2 for EcoStruxure Power Operation 2021
Affected: Advanced Reporting and Dashboards Module 2020 prior to CU3 |
|
| Schneider Electric | EcoStruxure Power SCADA Operation (PSO) - Advanced Reporting and Dashboards Module |
Affected:
EcoStruxure Power SCADA Operation (PSO) 2020 or 2020 R2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:25.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-318-02.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power Monitoring Expert (PME)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Version 2020 CU2 and prior"
},
{
"status": "affected",
"version": "Version 2021 CU1 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power Operation (EPO) \u2013 Advanced Reporting and Dashboards Module",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Advanced Reporting and Dashboards Module 2021 prior to CU2 for EcoStruxure Power Operation 2021"
},
{
"status": "affected",
"version": "Advanced Reporting and Dashboards Module 2020 prior to CU3"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power SCADA Operation (PSO) - Advanced Reporting and Dashboards Module",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "EcoStruxure Power SCADA Operation (PSO) 2020 or 2020 R2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nA CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)\nvulnerability that could cause a vulnerability leading to a cross site scripting condition where\nattackers can have a victim\u2019s browser run arbitrary JavaScript when they visit a page containing\nthe injected payload.\n\n"
}
],
"value": "\nA CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)\nvulnerability that could cause a vulnerability leading to a cross site scripting condition where\nattackers can have a victim\u2019s browser run arbitrary JavaScript when they visit a page containing\nthe injected payload.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-15T03:48:50.993Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-318-02.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2023-5987",
"datePublished": "2023-11-15T03:48:50.993Z",
"dateReserved": "2023-11-07T10:58:51.030Z",
"dateUpdated": "2024-08-02T08:14:25.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5986 (GCVE-0-2023-5986)
Vulnerability from nvd – Published: 2023-11-15 03:47 – Updated: 2024-12-02 21:11
VLAI
Summary
A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input
attackers can cause the software’s web application to redirect to the chosen domain after a
successful login is performed.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | EcoStruxure Power Monitoring Expert (PME) |
Affected:
Version 2020 CU2 and prior
Affected: Version 2021 CU1 and prior |
|
| Schneider Electric | EcoStruxure Power Operation (EPO) – Advanced Reporting and Dashboards Module |
Affected:
Advanced Reporting and Dashboards Module 2021 prior to CU2 for EcoStruxure Power Operation 2021
Affected: Advanced Reporting and Dashboards Module 2020 prior to CU3 |
|
| Schneider Electric | EcoStruxure Power SCADA Operation (PSO) - Advanced Reporting and Dashboards Module |
Affected:
EcoStruxure Power SCADA Operation (PSO) 2020 or 2020 R2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:25.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-318-02.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5986",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-30T19:15:01.048115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T21:11:40.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power Monitoring Expert (PME)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Version 2020 CU2 and prior"
},
{
"status": "affected",
"version": "Version 2021 CU1 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power Operation (EPO) \u2013 Advanced Reporting and Dashboards Module",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Advanced Reporting and Dashboards Module 2021 prior to CU2 for EcoStruxure Power Operation 2021"
},
{
"status": "affected",
"version": "Advanced Reporting and Dashboards Module 2020 prior to CU3"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power SCADA Operation (PSO) - Advanced Reporting and Dashboards Module",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "EcoStruxure Power SCADA Operation (PSO) 2020 or 2020 R2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nA CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input\nattackers can cause the software\u2019s web application to redirect to the chosen domain after a\nsuccessful login is performed. \n\n\n"
}
],
"value": "\nA CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input\nattackers can cause the software\u2019s web application to redirect to the chosen domain after a\nsuccessful login is performed. \n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-15T03:47:17.684Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-318-02.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2023-5986",
"datePublished": "2023-11-15T03:47:17.684Z",
"dateReserved": "2023-11-07T10:57:54.715Z",
"dateUpdated": "2024-12-02T21:11:40.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5391 (GCVE-0-2023-5391)
Vulnerability from nvd – Published: 2023-10-04 18:13 – Updated: 2025-02-27 20:46
VLAI
Summary
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to
execute arbitrary code on the targeted system by sending a specifically crafted packet to the
application.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | EcoStruxure Power Monitoring Expert |
Affected:
All versions – prior to application of Hotfix-145271
|
|
| Schneider Electric | EcoStruxure Power Operation (EPO) with Advanced Reports |
Affected:
All versions – prior to application of Hotfix-145271
|
|
| Schneider Electric | EcoStruxure Power SCADA Operation with Advanced Reports |
Affected:
All versions – prior to application of Hotfix-145271
|
Date Public
2023-10-10 17:55
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-283-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-283-02.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5391",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:50:43.582116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:46:31.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power Monitoring Expert",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All versions \u2013 prior to application of Hotfix-145271"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power Operation (EPO) with Advanced Reports",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All versions \u2013 prior to application of Hotfix-145271"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power SCADA Operation with Advanced Reports",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All versions \u2013 prior to application of Hotfix-145271"
}
]
}
],
"datePublic": "2023-10-10T17:55:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\nA CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to\nexecute arbitrary code on the targeted system by sending a specifically crafted packet to the\napplication.\n\n\n\n\u003cbr\u003e"
}
],
"value": "\n\n\nA CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to\nexecute arbitrary code on the targeted system by sending a specifically crafted packet to the\napplication.\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T08:25:11.967Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-283-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-283-02.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2023-5391",
"datePublished": "2023-10-04T18:13:00.746Z",
"dateReserved": "2023-10-04T17:50:08.965Z",
"dateUpdated": "2025-02-27T20:46:31.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28003 (GCVE-0-2023-28003)
Vulnerability from nvd – Published: 2023-04-18 20:43 – Updated: 2025-02-05 21:23
VLAI
Summary
A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to
maintain unauthorized access over a hijacked session in PME after the legitimate user has
signed out of their account.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | EcoStruxure Power Monitoring Expert |
Affected:
All , ≤ PME 2022
(custom)
|
Date Public
2023-03-14 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-073-01.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T21:23:43.454658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T21:23:55.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power Monitoring Expert",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "PME 2022",
"status": "affected",
"version": "All ",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-14T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\nA CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to\nmaintain unauthorized access over a hijacked session in PME after the legitimate user has\nsigned out of their account.\n\n\n\n"
}
],
"value": "\n\n\nA CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to\nmaintain unauthorized access over a hijacked session in PME after the legitimate user has\nsigned out of their account.\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T20:43:50.362Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-073-01.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2023-28003",
"datePublished": "2023-04-18T20:43:50.362Z",
"dateReserved": "2023-03-09T15:40:32.544Z",
"dateUpdated": "2025-02-05T21:23:55.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22804 (GCVE-0-2022-22804)
Vulnerability from nvd – Published: 2022-02-04 22:29 – Updated: 2024-08-03 03:21
VLAI
Summary
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could allow an authenticated attacker to view data, change settings, or impact availability of the software when the user visits a page containing the injected payload. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)
Severity
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://download.schneider-electric.com/files?p_D… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | EcoStruxure Power Monitoring Expert (Versions 2020 and prior) |
Affected:
EcoStruxure Power Monitoring Expert (Versions 2020 and prior)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:49.127Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure Power Monitoring Expert (Versions 2020 and prior)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure Power Monitoring Expert (Versions 2020 and prior)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could allow an authenticated attacker to view data, change settings, or impact availability of the software when the user visits a page containing the injected payload. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:39.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2022-22804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure Power Monitoring Expert (Versions 2020 and prior)",
"version": {
"version_data": [
{
"version_value": "EcoStruxure Power Monitoring Expert (Versions 2020 and prior)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could allow an authenticated attacker to view data, change settings, or impact availability of the software when the user visits a page containing the injected payload. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07",
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-22804",
"datePublished": "2022-02-04T22:29:39.000Z",
"dateReserved": "2022-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:21:49.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22727 (GCVE-0-2022-22727)
Vulnerability from nvd – Published: 2022-02-04 22:29 – Updated: 2024-08-03 03:21
VLAI
Summary
A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user�s local machine when the user clicks a specially crafted link. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)
Severity
No CVSS data available.
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://download.schneider-electric.com/files?p_D… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | EcoStruxure Power Monitoring Expert (Versions 2020 and prior) |
Affected:
EcoStruxure Power Monitoring Expert (Versions 2020 and prior)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:48.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure Power Monitoring Expert (Versions 2020 and prior)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure Power Monitoring Expert (Versions 2020 and prior)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user\ufffds local machine when the user clicks a specially crafted link. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:38.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2022-22727",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure Power Monitoring Expert (Versions 2020 and prior)",
"version": {
"version_data": [
{
"version_value": "EcoStruxure Power Monitoring Expert (Versions 2020 and prior)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user\ufffds local machine when the user clicks a specially crafted link. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07",
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-22727",
"datePublished": "2022-02-04T22:29:38.000Z",
"dateReserved": "2022-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:21:48.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22726 (GCVE-0-2022-22726)
Vulnerability from nvd – Published: 2022-02-04 22:29 – Updated: 2024-08-03 03:21
VLAI
Summary
A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a limited operating system service account. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)
Severity
No CVSS data available.
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://download.schneider-electric.com/files?p_D… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | EcoStruxure Power Monitoring Expert (Versions 2020 and prior) |
Affected:
EcoStruxure Power Monitoring Expert (Versions 2020 and prior)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:49.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure Power Monitoring Expert (Versions 2020 and prior)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure Power Monitoring Expert (Versions 2020 and prior)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a limited operating system service account. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:38.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2022-22726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure Power Monitoring Expert (Versions 2020 and prior)",
"version": {
"version_data": [
{
"version_value": "EcoStruxure Power Monitoring Expert (Versions 2020 and prior)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a limited operating system service account. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07",
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-22726",
"datePublished": "2022-02-04T22:29:38.000Z",
"dateReserved": "2022-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:21:49.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22827 (GCVE-0-2021-22827)
Vulnerability from nvd – Published: 2022-01-28 19:09 – Updated: 2024-08-03 18:51
VLAI
Summary
A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22826. Affected Product: EcoStruxure� Power Monitoring Expert 9.0 and prior versions
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://download.schneider-electric.com/files?p_D… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22826. Affected Product: EcoStruxure\ufffd Power Monitoring Expert 9.0 and prior versions"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-28T19:09:39.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22826. Affected Product: EcoStruxure\ufffd Power Monitoring Expert 9.0 and prior versions"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-03",
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2021-22827",
"datePublished": "2022-01-28T19:09:39.000Z",
"dateReserved": "2021-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:51:07.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22826 (GCVE-0-2021-22826)
Vulnerability from nvd – Published: 2022-01-28 19:09 – Updated: 2024-08-03 18:51
VLAI
Summary
A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22827. Affected Product: EcoStruxure� Power Monitoring Expert 9.0 and prior versions
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://download.schneider-electric.com/files?p_D… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22827. Affected Product: EcoStruxure\ufffd Power Monitoring Expert 9.0 and prior versions"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-28T19:09:38.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22827. Affected Product: EcoStruxure\ufffd Power Monitoring Expert 9.0 and prior versions"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-03",
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2021-22826",
"datePublished": "2022-01-28T19:09:38.000Z",
"dateReserved": "2021-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:51:07.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7547 (GCVE-0-2020-7547)
Vulnerability from nvd – Published: 2020-12-01 14:44 – Updated: 2024-08-04 09:33
VLAI
Summary
A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level.
Severity
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) |
Affected:
EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-284: Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284:Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T14:44:52.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"version": {
"version_data": [
{
"version_value": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-284: Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284:Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7547",
"datePublished": "2020-12-01T14:44:52.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7546 (GCVE-0-2020-7546)
Vulnerability from nvd – Published: 2020-12-01 14:44 – Updated: 2024-08-04 09:33
VLAI
Summary
A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage.
Severity
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) |
Affected:
EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T14:44:31.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"version": {
"version_data": [
{
"version_value": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7546",
"datePublished": "2020-12-01T14:44:31.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7545 (GCVE-0-2020-7545)
Vulnerability from nvd – Published: 2020-12-01 14:44 – Updated: 2024-08-04 09:33
VLAI
Summary
A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.
Severity
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) |
Affected:
EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-284:Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284:Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T14:44:10.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"version": {
"version_data": [
{
"version_value": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-284:Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284:Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7545",
"datePublished": "2020-12-01T14:44:10.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7797 (GCVE-0-2018-7797)
Vulnerability from nvd – Published: 2018-12-17 22:00 – Updated: 2024-08-05 06:37
VLAI
Summary
A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site.
Severity
No CVSS data available.
CWE
- URL redirection
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/106277 | vdb-entryx_refsource_BID |
| https://www.schneider-electric.com/en/download/do… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric SE | Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxureª Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxureª Energy Expert 1.3 (formerly Power Manager), EcoStruxureª Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxureª Power Monitoring Expert (PME) v9.0, EcoStruxureª Energy Expert v2.0, and EcoStruxureªPower SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module |
Affected:
EcoStruxureª
Affected: Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxureª Affected: Energy Expert 1.3 (formerly Power Manager), EcoStruxureª Affected: Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxureª Affected: Power Monitoring Expert (PME) v9.0, EcoStruxureª Affected: Energy Expert v2.0, and EcoStruxureª Affected: Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module |
Date Public
2018-12-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106277",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106277"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure\u0026#xaa; Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure\u0026#xaa; Energy Expert 1.3 (formerly Power Manager), EcoStruxure\u0026#xaa; Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure\u0026#xaa; Power Monitoring Expert (PME) v9.0, EcoStruxure\u0026#xaa; Energy Expert v2.0, and EcoStruxure\u0026#xaa;Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "EcoStruxure\u0026#xaa"
},
{
"status": "affected",
"version": "Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure\u0026#xaa"
},
{
"status": "affected",
"version": "Energy Expert 1.3 (formerly Power Manager), EcoStruxure\u0026#xaa"
},
{
"status": "affected",
"version": "Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure\u0026#xaa"
},
{
"status": "affected",
"version": "Power Monitoring Expert (PME) v9.0, EcoStruxure\u0026#xaa"
},
{
"status": "affected",
"version": "Energy Expert v2.0, and EcoStruxure\u0026#xaa"
},
{
"status": "affected",
"version": "Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module"
}
]
}
],
"datePublic": "2018-12-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "URL redirection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-22T10:57:01.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"name": "106277",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106277"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2018-7797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure\u0026#xaa; Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure\u0026#xaa; Energy Expert 1.3 (formerly Power Manager), EcoStruxure\u0026#xaa; Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure\u0026#xaa; Power Monitoring Expert (PME) v9.0, EcoStruxure\u0026#xaa; Energy Expert v2.0, and EcoStruxure\u0026#xaa;Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module",
"version": {
"version_data": [
{
"version_value": "EcoStruxure\u0026#xaa"
},
{
"version_value": "Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure\u0026#xaa"
},
{
"version_value": "Energy Expert 1.3 (formerly Power Manager), EcoStruxure\u0026#xaa"
},
{
"version_value": "Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure\u0026#xaa"
},
{
"version_value": "Power Monitoring Expert (PME) v9.0, EcoStruxure\u0026#xaa"
},
{
"version_value": "Energy Expert v2.0, and EcoStruxure\u0026#xaa"
},
{
"version_value": "Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "URL redirection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106277"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2018-7797",
"datePublished": "2018-12-17T22:00:00.000Z",
"dateReserved": "2018-03-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:37:59.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11739 (GCVE-0-2025-11739)
Vulnerability from cvelistv5 – Published: 2026-03-10 12:25 – Updated: 2026-03-10 17:26
VLAI
Summary
CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of untrusted data
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | EcoStruxure™ Power Monitoring Expert (PME) |
Affected:
Version 2022
Affected: Version 2023 Affected: Version 2023 R2 Affected: Version 2024 Affected: Version 2024 R2 |
|
| Schneider Electric | EcoStruxure™ Power Operation (EPO) Advanced Reporting and Dashboards Module |
Affected:
Version 2022
Affected: Version 2024 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T13:33:55.316218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T13:34:01.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EcoStruxure\u2122 Power Monitoring Expert (PME)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Version 2022"
},
{
"status": "affected",
"version": "Version 2023"
},
{
"status": "affected",
"version": "Version 2023 R2"
},
{
"status": "affected",
"version": "Version 2024"
},
{
"status": "affected",
"version": "Version 2024 R2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure\u2122 Power Operation (EPO) Advanced Reporting and Dashboards Module",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Version 2022"
},
{
"status": "affected",
"version": "Version 2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CWE\u2011502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization."
}
],
"value": "CWE\u2011502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of untrusted data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T17:26:25.203Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2026-069-06.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2025-11739",
"datePublished": "2026-03-10T12:25:14.501Z",
"dateReserved": "2025-10-14T13:43:50.195Z",
"dateUpdated": "2026-03-10T17:26:25.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-5987 (GCVE-0-2023-5987)
Vulnerability from cvelistv5 – Published: 2023-11-15 03:48 – Updated: 2024-08-02 08:14
VLAI
Summary
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
vulnerability that could cause a vulnerability leading to a cross site scripting condition where
attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing
the injected payload.
Severity
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | EcoStruxure Power Monitoring Expert (PME) |
Affected:
Version 2020 CU2 and prior
Affected: Version 2021 CU1 and prior |
|
| Schneider Electric | EcoStruxure Power Operation (EPO) – Advanced Reporting and Dashboards Module |
Affected:
Advanced Reporting and Dashboards Module 2021 prior to CU2 for EcoStruxure Power Operation 2021
Affected: Advanced Reporting and Dashboards Module 2020 prior to CU3 |
|
| Schneider Electric | EcoStruxure Power SCADA Operation (PSO) - Advanced Reporting and Dashboards Module |
Affected:
EcoStruxure Power SCADA Operation (PSO) 2020 or 2020 R2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:25.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-318-02.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power Monitoring Expert (PME)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Version 2020 CU2 and prior"
},
{
"status": "affected",
"version": "Version 2021 CU1 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power Operation (EPO) \u2013 Advanced Reporting and Dashboards Module",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Advanced Reporting and Dashboards Module 2021 prior to CU2 for EcoStruxure Power Operation 2021"
},
{
"status": "affected",
"version": "Advanced Reporting and Dashboards Module 2020 prior to CU3"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power SCADA Operation (PSO) - Advanced Reporting and Dashboards Module",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "EcoStruxure Power SCADA Operation (PSO) 2020 or 2020 R2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nA CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)\nvulnerability that could cause a vulnerability leading to a cross site scripting condition where\nattackers can have a victim\u2019s browser run arbitrary JavaScript when they visit a page containing\nthe injected payload.\n\n"
}
],
"value": "\nA CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)\nvulnerability that could cause a vulnerability leading to a cross site scripting condition where\nattackers can have a victim\u2019s browser run arbitrary JavaScript when they visit a page containing\nthe injected payload.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-15T03:48:50.993Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-318-02.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2023-5987",
"datePublished": "2023-11-15T03:48:50.993Z",
"dateReserved": "2023-11-07T10:58:51.030Z",
"dateUpdated": "2024-08-02T08:14:25.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5986 (GCVE-0-2023-5986)
Vulnerability from cvelistv5 – Published: 2023-11-15 03:47 – Updated: 2024-12-02 21:11
VLAI
Summary
A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input
attackers can cause the software’s web application to redirect to the chosen domain after a
successful login is performed.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | EcoStruxure Power Monitoring Expert (PME) |
Affected:
Version 2020 CU2 and prior
Affected: Version 2021 CU1 and prior |
|
| Schneider Electric | EcoStruxure Power Operation (EPO) – Advanced Reporting and Dashboards Module |
Affected:
Advanced Reporting and Dashboards Module 2021 prior to CU2 for EcoStruxure Power Operation 2021
Affected: Advanced Reporting and Dashboards Module 2020 prior to CU3 |
|
| Schneider Electric | EcoStruxure Power SCADA Operation (PSO) - Advanced Reporting and Dashboards Module |
Affected:
EcoStruxure Power SCADA Operation (PSO) 2020 or 2020 R2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:25.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-318-02.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5986",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-30T19:15:01.048115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T21:11:40.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power Monitoring Expert (PME)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Version 2020 CU2 and prior"
},
{
"status": "affected",
"version": "Version 2021 CU1 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power Operation (EPO) \u2013 Advanced Reporting and Dashboards Module",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Advanced Reporting and Dashboards Module 2021 prior to CU2 for EcoStruxure Power Operation 2021"
},
{
"status": "affected",
"version": "Advanced Reporting and Dashboards Module 2020 prior to CU3"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power SCADA Operation (PSO) - Advanced Reporting and Dashboards Module",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "EcoStruxure Power SCADA Operation (PSO) 2020 or 2020 R2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nA CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input\nattackers can cause the software\u2019s web application to redirect to the chosen domain after a\nsuccessful login is performed. \n\n\n"
}
],
"value": "\nA CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input\nattackers can cause the software\u2019s web application to redirect to the chosen domain after a\nsuccessful login is performed. \n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-15T03:47:17.684Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-318-02.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2023-5986",
"datePublished": "2023-11-15T03:47:17.684Z",
"dateReserved": "2023-11-07T10:57:54.715Z",
"dateUpdated": "2024-12-02T21:11:40.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5391 (GCVE-0-2023-5391)
Vulnerability from cvelistv5 – Published: 2023-10-04 18:13 – Updated: 2025-02-27 20:46
VLAI
Summary
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to
execute arbitrary code on the targeted system by sending a specifically crafted packet to the
application.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | EcoStruxure Power Monitoring Expert |
Affected:
All versions – prior to application of Hotfix-145271
|
|
| Schneider Electric | EcoStruxure Power Operation (EPO) with Advanced Reports |
Affected:
All versions – prior to application of Hotfix-145271
|
|
| Schneider Electric | EcoStruxure Power SCADA Operation with Advanced Reports |
Affected:
All versions – prior to application of Hotfix-145271
|
Date Public
2023-10-10 17:55
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-283-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-283-02.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5391",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:50:43.582116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:46:31.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power Monitoring Expert",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All versions \u2013 prior to application of Hotfix-145271"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power Operation (EPO) with Advanced Reports",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All versions \u2013 prior to application of Hotfix-145271"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power SCADA Operation with Advanced Reports",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All versions \u2013 prior to application of Hotfix-145271"
}
]
}
],
"datePublic": "2023-10-10T17:55:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\nA CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to\nexecute arbitrary code on the targeted system by sending a specifically crafted packet to the\napplication.\n\n\n\n\u003cbr\u003e"
}
],
"value": "\n\n\nA CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to\nexecute arbitrary code on the targeted system by sending a specifically crafted packet to the\napplication.\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T08:25:11.967Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-283-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-283-02.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2023-5391",
"datePublished": "2023-10-04T18:13:00.746Z",
"dateReserved": "2023-10-04T17:50:08.965Z",
"dateUpdated": "2025-02-27T20:46:31.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28003 (GCVE-0-2023-28003)
Vulnerability from cvelistv5 – Published: 2023-04-18 20:43 – Updated: 2025-02-05 21:23
VLAI
Summary
A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to
maintain unauthorized access over a hijacked session in PME after the legitimate user has
signed out of their account.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | EcoStruxure Power Monitoring Expert |
Affected:
All , ≤ PME 2022
(custom)
|
Date Public
2023-03-14 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-073-01.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T21:23:43.454658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T21:23:55.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power Monitoring Expert",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "PME 2022",
"status": "affected",
"version": "All ",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-14T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\nA CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to\nmaintain unauthorized access over a hijacked session in PME after the legitimate user has\nsigned out of their account.\n\n\n\n"
}
],
"value": "\n\n\nA CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to\nmaintain unauthorized access over a hijacked session in PME after the legitimate user has\nsigned out of their account.\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T20:43:50.362Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-073-01.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2023-28003",
"datePublished": "2023-04-18T20:43:50.362Z",
"dateReserved": "2023-03-09T15:40:32.544Z",
"dateUpdated": "2025-02-05T21:23:55.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22804 (GCVE-0-2022-22804)
Vulnerability from cvelistv5 – Published: 2022-02-04 22:29 – Updated: 2024-08-03 03:21
VLAI
Summary
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could allow an authenticated attacker to view data, change settings, or impact availability of the software when the user visits a page containing the injected payload. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)
Severity
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://download.schneider-electric.com/files?p_D… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | EcoStruxure Power Monitoring Expert (Versions 2020 and prior) |
Affected:
EcoStruxure Power Monitoring Expert (Versions 2020 and prior)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:49.127Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure Power Monitoring Expert (Versions 2020 and prior)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure Power Monitoring Expert (Versions 2020 and prior)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could allow an authenticated attacker to view data, change settings, or impact availability of the software when the user visits a page containing the injected payload. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:39.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2022-22804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure Power Monitoring Expert (Versions 2020 and prior)",
"version": {
"version_data": [
{
"version_value": "EcoStruxure Power Monitoring Expert (Versions 2020 and prior)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists that could allow an authenticated attacker to view data, change settings, or impact availability of the software when the user visits a page containing the injected payload. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07",
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-22804",
"datePublished": "2022-02-04T22:29:39.000Z",
"dateReserved": "2022-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:21:49.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22726 (GCVE-0-2022-22726)
Vulnerability from cvelistv5 – Published: 2022-02-04 22:29 – Updated: 2024-08-03 03:21
VLAI
Summary
A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a limited operating system service account. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)
Severity
No CVSS data available.
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://download.schneider-electric.com/files?p_D… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | EcoStruxure Power Monitoring Expert (Versions 2020 and prior) |
Affected:
EcoStruxure Power Monitoring Expert (Versions 2020 and prior)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:49.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure Power Monitoring Expert (Versions 2020 and prior)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure Power Monitoring Expert (Versions 2020 and prior)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a limited operating system service account. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:38.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2022-22726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure Power Monitoring Expert (Versions 2020 and prior)",
"version": {
"version_data": [
{
"version_value": "EcoStruxure Power Monitoring Expert (Versions 2020 and prior)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a limited operating system service account. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07",
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-22726",
"datePublished": "2022-02-04T22:29:38.000Z",
"dateReserved": "2022-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:21:49.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22727 (GCVE-0-2022-22727)
Vulnerability from cvelistv5 – Published: 2022-02-04 22:29 – Updated: 2024-08-03 03:21
VLAI
Summary
A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user�s local machine when the user clicks a specially crafted link. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)
Severity
No CVSS data available.
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://download.schneider-electric.com/files?p_D… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | EcoStruxure Power Monitoring Expert (Versions 2020 and prior) |
Affected:
EcoStruxure Power Monitoring Expert (Versions 2020 and prior)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:48.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure Power Monitoring Expert (Versions 2020 and prior)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure Power Monitoring Expert (Versions 2020 and prior)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user\ufffds local machine when the user clicks a specially crafted link. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:38.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2022-22727",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure Power Monitoring Expert (Versions 2020 and prior)",
"version": {
"version_data": [
{
"version_value": "EcoStruxure Power Monitoring Expert (Versions 2020 and prior)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user\ufffds local machine when the user clicks a specially crafted link. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07",
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-22727",
"datePublished": "2022-02-04T22:29:38.000Z",
"dateReserved": "2022-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:21:48.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22827 (GCVE-0-2021-22827)
Vulnerability from cvelistv5 – Published: 2022-01-28 19:09 – Updated: 2024-08-03 18:51
VLAI
Summary
A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22826. Affected Product: EcoStruxure� Power Monitoring Expert 9.0 and prior versions
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://download.schneider-electric.com/files?p_D… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22826. Affected Product: EcoStruxure\ufffd Power Monitoring Expert 9.0 and prior versions"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-28T19:09:39.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22826. Affected Product: EcoStruxure\ufffd Power Monitoring Expert 9.0 and prior versions"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-03",
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2021-22827",
"datePublished": "2022-01-28T19:09:39.000Z",
"dateReserved": "2021-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:51:07.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22826 (GCVE-0-2021-22826)
Vulnerability from cvelistv5 – Published: 2022-01-28 19:09 – Updated: 2024-08-03 18:51
VLAI
Summary
A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22827. Affected Product: EcoStruxure� Power Monitoring Expert 9.0 and prior versions
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://download.schneider-electric.com/files?p_D… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22827. Affected Product: EcoStruxure\ufffd Power Monitoring Expert 9.0 and prior versions"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-28T19:09:38.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22827. Affected Product: EcoStruxure\ufffd Power Monitoring Expert 9.0 and prior versions"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-03",
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2021-22826",
"datePublished": "2022-01-28T19:09:38.000Z",
"dateReserved": "2021-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:51:07.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7547 (GCVE-0-2020-7547)
Vulnerability from cvelistv5 – Published: 2020-12-01 14:44 – Updated: 2024-08-04 09:33
VLAI
Summary
A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level.
Severity
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) |
Affected:
EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-284: Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284:Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T14:44:52.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"version": {
"version_data": [
{
"version_value": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-284: Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284:Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7547",
"datePublished": "2020-12-01T14:44:52.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7546 (GCVE-0-2020-7546)
Vulnerability from cvelistv5 – Published: 2020-12-01 14:44 – Updated: 2024-08-04 09:33
VLAI
Summary
A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage.
Severity
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) |
Affected:
EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T14:44:31.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"version": {
"version_data": [
{
"version_value": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7546",
"datePublished": "2020-12-01T14:44:31.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7545 (GCVE-0-2020-7545)
Vulnerability from cvelistv5 – Published: 2020-12-01 14:44 – Updated: 2024-08-04 09:33
VLAI
Summary
A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.
Severity
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) |
Affected:
EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-284:Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284:Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T14:44:10.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"version": {
"version_data": [
{
"version_value": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-284:Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284:Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7545",
"datePublished": "2020-12-01T14:44:10.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7797 (GCVE-0-2018-7797)
Vulnerability from cvelistv5 – Published: 2018-12-17 22:00 – Updated: 2024-08-05 06:37
VLAI
Summary
A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site.
Severity
No CVSS data available.
CWE
- URL redirection
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/106277 | vdb-entryx_refsource_BID |
| https://www.schneider-electric.com/en/download/do… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric SE | Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxureª Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxureª Energy Expert 1.3 (formerly Power Manager), EcoStruxureª Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxureª Power Monitoring Expert (PME) v9.0, EcoStruxureª Energy Expert v2.0, and EcoStruxureªPower SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module |
Affected:
EcoStruxureª
Affected: Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxureª Affected: Energy Expert 1.3 (formerly Power Manager), EcoStruxureª Affected: Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxureª Affected: Power Monitoring Expert (PME) v9.0, EcoStruxureª Affected: Energy Expert v2.0, and EcoStruxureª Affected: Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module |
Date Public
2018-12-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106277",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106277"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure\u0026#xaa; Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure\u0026#xaa; Energy Expert 1.3 (formerly Power Manager), EcoStruxure\u0026#xaa; Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure\u0026#xaa; Power Monitoring Expert (PME) v9.0, EcoStruxure\u0026#xaa; Energy Expert v2.0, and EcoStruxure\u0026#xaa;Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "EcoStruxure\u0026#xaa"
},
{
"status": "affected",
"version": "Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure\u0026#xaa"
},
{
"status": "affected",
"version": "Energy Expert 1.3 (formerly Power Manager), EcoStruxure\u0026#xaa"
},
{
"status": "affected",
"version": "Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure\u0026#xaa"
},
{
"status": "affected",
"version": "Power Monitoring Expert (PME) v9.0, EcoStruxure\u0026#xaa"
},
{
"status": "affected",
"version": "Energy Expert v2.0, and EcoStruxure\u0026#xaa"
},
{
"status": "affected",
"version": "Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module"
}
]
}
],
"datePublic": "2018-12-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "URL redirection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-22T10:57:01.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"name": "106277",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106277"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2018-7797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure\u0026#xaa; Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure\u0026#xaa; Energy Expert 1.3 (formerly Power Manager), EcoStruxure\u0026#xaa; Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure\u0026#xaa; Power Monitoring Expert (PME) v9.0, EcoStruxure\u0026#xaa; Energy Expert v2.0, and EcoStruxure\u0026#xaa;Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module",
"version": {
"version_data": [
{
"version_value": "EcoStruxure\u0026#xaa"
},
{
"version_value": "Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure\u0026#xaa"
},
{
"version_value": "Energy Expert 1.3 (formerly Power Manager), EcoStruxure\u0026#xaa"
},
{
"version_value": "Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure\u0026#xaa"
},
{
"version_value": "Power Monitoring Expert (PME) v9.0, EcoStruxure\u0026#xaa"
},
{
"version_value": "Energy Expert v2.0, and EcoStruxure\u0026#xaa"
},
{
"version_value": "Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "URL redirection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106277"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2018-7797",
"datePublished": "2018-12-17T22:00:00.000Z",
"dateReserved": "2018-03-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:37:59.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}