cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9005,https://securityvulnerability.io/vulnerability/CVE-2024-9005,Remote Code Execution Vulnerability,"A vulnerability exists in Schneider Electric's web server products that allows an attacker to remotely execute code on the server. This issue arises when unsafely deserialized data is posted to the server, creating a pathway for exploitation. An attacker could craft a malicious payload to take advantage of this flaw, leading to potential unauthorized access and control over the affected system. It is crucial for users of these products to assess their security posture and implement appropriate mitigations to safeguard against such threats.",Schneider Electric,Ecostruxure Power Monitoring Expert (pme),7.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-10-08T10:22:06.939Z,0
CVE-2023-5986,https://securityvulnerability.io/vulnerability/CVE-2023-5986,URL Redirection Vulnerability in Schneider Electric's Web Application,"A security vulnerability exists that allows for URL redirection to untrusted sites, potentially leading to cross-site scripting attacks. This occurs when attackers provide a URL-encoded input that manipulates the web application to redirect to malicious domains after the user successfully logs in. Such vulnerabilities can compromise user data and trust, making it essential for users to update their systems and ensure proper security measures are in place.",Schneider Electric,"Ecostruxure Power Monitoring Expert (pme),Ecostruxure Power Operation (epo) – Advanced Reporting And Dashboards Module,Ecostruxure Power Scada Operation (pso) - Advanced Reporting And Dashboards Module",8.2,HIGH,0.0006300000241026282,false,false,false,false,,false,false,2023-11-15T04:15:00.000Z,0
CVE-2023-5987,https://securityvulnerability.io/vulnerability/CVE-2023-5987,," A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload. ",Schneider Electric,"EcoStruxure Power Monitoring Expert (PME),EcoStruxure Power Operation (EPO) – Advanced Reporting and Dashboards Module,EcoStruxure Power SCADA Operation (PSO) - Advanced Reporting and Dashboards Module",6.1,MEDIUM,0.0006300000241026282,false,false,false,false,,false,false,2023-11-15T04:15:00.000Z,0
CVE-2018-7797,https://securityvulnerability.io/vulnerability/CVE-2018-7797,,"A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site.",Schneider Electric,"Power Monitoring Expert, Energy Expert (formerly Power Manager) - Ecostruxure™ Power Monitoring Expert (pme) V8.2 (all Editions), Ecostruxure™ Energy Expert 1.3 (formerly Power Manager), Ecostruxure™ Power Scada Operation (pso) 8.2 Advanced Reports And Dashboards Module, Ecostruxure™ Power Monitoring Expert (pme) V9.0, Ecostruxure™ Energy Expert V2.0, And Ecostruxure™power Scada Operation (pso) 9.0 Advanced Reports And Dashboards Module",6.1,MEDIUM,0.0006900000153109431,false,false,false,false,,false,false,2018-12-17T22:00:00.000Z,0