Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ecostruxure_power_monitoring_expert
(Schneider\-Electric)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-10-04 | CVE-2023-5391 | A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application. | Ecostruxure_power_monitoring_expert, Ecostruxure_power_operation_with_advanced_reports, Ecostruxure_power_scada_operation_with_advanced_reports | 9.8 | ||
| 2023-11-15 | CVE-2023-5986 | A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input attackers can cause the software’s web application to redirect to the chosen domain after a successful login is performed. | Ecostruxure_power_monitoring_expert | 6.1 | ||
| 2023-11-15 | CVE-2023-5987 | A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload. | Ecostruxure_power_monitoring_expert | 6.1 |