Vulnerabilities > Schneider Electric > Ecostruxure Power Monitoring Expert > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-15 | CVE-2023-5986 | Open Redirect vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert 2020/2021 A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. | 6.1 |
| 2023-11-15 | CVE-2023-5987 | Cross-site Scripting vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert 2020/2021 A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload. | 6.1 |
| 2022-02-04 | CVE-2022-22726 | Improper Input Validation vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a limited operating system service account. | 4.0 |
| 2020-12-01 | CVE-2020-7547 | Unspecified vulnerability in Schneider-Electric products A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level. | 6.5 |
| 2020-12-01 | CVE-2020-7545 | Unspecified vulnerability in Schneider-Electric products A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage. | 6.5 |
| 2018-12-17 | CVE-2018-7797 | Open Redirect vulnerability in Schneider-Electric products A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site. | 5.8 |