Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ecostruxure_power_monitoring_expert
(Schneider\-Electric)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-02-04 | CVE-2022-22804 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could allow an authenticated attacker to view data, change settings, or impact availability of the software when the user visits a page containing the injected payload. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior) | Ecostruxure_power_monitoring_expert | 5.4 | ||
| 2020-12-01 | CVE-2020-7546 | A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage. | Ecostruxure_energy_expert, Ecostruxure_power_monitoring_expert, Power_manager, Powerscada_expert_with_advanced_reporting_and_dashboards, Powerscada_operation_with_advanced_reporting_and_dashboards | 5.4 | ||
| 2018-12-17 | CVE-2018-7797 | A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause... | Ecostruxure_energy_expert, Ecostruxure_power_monitoring_expert, Ecostruxure_power_scada_operation | 6.1 |