cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-8401,https://securityvulnerability.io/vulnerability/CVE-2024-8401,Cross-Site Scripting Vulnerability in Schneider Electric Products,"A cross-site scripting vulnerability exists in Schneider Electric products, which allows authenticated attackers to manipulate folder names. This can lead to the injection of malicious scripts, enabling attackers to execute harmful code in the context of a user's session. Users should ensure they are using the latest software versions and follow security best practices to mitigate potential risks.",Schneider Electric,"Ecostruxure Power Monitoring Expert (pme) 2021,Ecostruxure Power Monitoring Expert (pme) 2020,Ecostruxure Power Operation (epo) 2022,Ecostruxure Power Operation (epo) 2022 – Advanced Reporting And Dashboards Module,Ecostruxure Power Operation (epo) 2021,Ecostruxure Power Operation (epo) 2021 – Advanced Reporting And Dashboards Module,Ecostruxure Power Scada Operation 2020 (pso) - Advanced Reporting And Dashboards Module",5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T16:35:55.532Z,0
CVE-2024-9005,https://securityvulnerability.io/vulnerability/CVE-2024-9005,Remote Code Execution Vulnerability,"A vulnerability exists in Schneider Electric's web server products that allows an attacker to remotely execute code on the server. This issue arises when unsafely deserialized data is posted to the server, creating a pathway for exploitation. An attacker could craft a malicious payload to take advantage of this flaw, leading to potential unauthorized access and control over the affected system. It is crucial for users of these products to assess their security posture and implement appropriate mitigations to safeguard against such threats.",Schneider Electric,Ecostruxure Power Monitoring Expert (pme),7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-08T10:22:06.939Z,0
CVE-2023-5987,https://securityvulnerability.io/vulnerability/CVE-2023-5987,Cross-site Scripting Vulnerability in Schneider Electric Products,"A vulnerability exists due to improper neutralization of input during web page generation, enabling cross-site scripting attacks. This allows attackers to inject malicious payloads that can execute arbitrary JavaScript in a victim's browser when they visit a compromised page. Users of affected Schneider Electric products must implement security best practices to mitigate potential exploits.",Schneider Electric,"EcoStruxure Power Monitoring Expert (PME),EcoStruxure Power Operation (EPO) – Advanced Reporting and Dashboards Module,EcoStruxure Power SCADA Operation (PSO) - Advanced Reporting and Dashboards Module",6.1,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-11-15T04:15:00.000Z,0
CVE-2023-5986,https://securityvulnerability.io/vulnerability/CVE-2023-5986,URL Redirection Vulnerability in Schneider Electric's Web Application,"A security vulnerability exists that allows for URL redirection to untrusted sites, potentially leading to cross-site scripting attacks. This occurs when attackers provide a URL-encoded input that manipulates the web application to redirect to malicious domains after the user successfully logs in. Such vulnerabilities can compromise user data and trust, making it essential for users to update their systems and ensure proper security measures are in place.",Schneider Electric,"Ecostruxure Power Monitoring Expert (pme),Ecostruxure Power Operation (epo) – Advanced Reporting And Dashboards Module,Ecostruxure Power Scada Operation (pso) - Advanced Reporting And Dashboards Module",8.2,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-11-15T04:15:00.000Z,0
CVE-2023-5391,https://securityvulnerability.io/vulnerability/CVE-2023-5391,Deserialization Vulnerability in Schneider Electric's Software,"A deserialization vulnerability exists within Schneider Electric's software, allowing attackers to send specially crafted packets to the application. If exploited, this could enable the execution of arbitrary code on the targeted system, posing significant risks to its functionality and security. Organizations using affected software should implement mitigative measures promptly.",Schneider Electric,"EcoStruxure Power Monitoring Expert,EcoStruxure Power Operation (EPO) with Advanced Reports,EcoStruxure Power SCADA Operation with Advanced Reports",9.8,CRITICAL,0.0023900000378489494,false,,false,false,false,,,false,false,,2023-10-04T19:15:00.000Z,0
CVE-2023-28003,https://securityvulnerability.io/vulnerability/CVE-2023-28003,Insufficient Session Expiration in PME from Schneider Electric,"A vulnerability has been identified in PME, where an insufficient session expiration issue allows an attacker to exploit a hijacked session, retaining unauthorized access even after the legitimate user has logged out. This vulnerability raises concerns regarding user privacy and data security, emphasizing the need for robust session management practices to protect sensitive information from unauthorized access.",Schneider Electric,Ecostruxure Power Monitoring Expert,6.7,MEDIUM,0.0014199999859556556,false,,false,false,false,,,false,false,,2023-04-18T21:15:00.000Z,0
CVE-2022-22804,https://securityvulnerability.io/vulnerability/CVE-2022-22804,Cross-Site Scripting Vulnerability in EcoStruxure Power Monitoring Expert by Schneider Electric,"There exists a cross-site scripting (XSS) vulnerability in EcoStruxure Power Monitoring Expert that allows an authenticated attacker to inject malicious scripts. This vulnerability can enable attackers to manipulate web pages and potentially view sensitive data, alter configuration settings, or disrupt the software's availability when users interact with compromised pages containing the malicious payload. The issue primarily affects versions of the product released in 2020 and earlier. It is essential for users to apply necessary updates and security best practices to mitigate the risk of exploitation.",Schneider Electric,Ecostruxure Power Monitoring Expert (versions 2020 And Prior),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-02-04T22:29:39.000Z,0
CVE-2022-22727,https://securityvulnerability.io/vulnerability/CVE-2022-22727,Improper Input Validation in EcoStruxure Power Monitoring Expert by Schneider Electric,"An improper input validation vulnerability exists in EcoStruxure Power Monitoring Expert that enables unauthenticated attackers to view sensitive data, modify system settings, or disrupt service availability. This issue arises when users interact with specially crafted links, which may also compromise a user's local machine. The vulnerability primarily affects version 2020 and earlier of the product, highlighting the importance of prompt security measures to safeguard against potential exploitation.",Schneider Electric,Ecostruxure Power Monitoring Expert (versions 2020 And Prior),8.8,HIGH,0.0026100000832229853,false,,false,false,false,,,false,false,,2022-02-04T22:29:38.000Z,0
CVE-2022-22726,https://securityvulnerability.io/vulnerability/CVE-2022-22726,Improper Input Validation in Schneider Electric EcoStruxure Power Monitoring Expert,"An improper input validation flaw exists in Schneider Electric's EcoStruxure Power Monitoring Expert that permits authenticated users to access arbitrary files on the server. This vulnerability arises from a limited operating system service account, which could potentially allow unauthorized data exposure. Users utilizing versions of this product released in 2020 and earlier should be aware and take precautionary measures to safeguard their systems.",Schneider Electric,Ecostruxure Power Monitoring Expert (versions 2020 And Prior),6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-02-04T22:29:38.000Z,0
CVE-2021-22827,https://securityvulnerability.io/vulnerability/CVE-2021-22827,Improper Input Validation in EcoStruxure Power Monitoring Expert by Schneider Electric,"An improper input validation vulnerability has been identified in Schneider Electric's EcoStruxure Power Monitoring Expert, which could potentially allow an attacker to execute arbitrary code. This issue arises when a user visits a specific page that contains a maliciously crafted payload. This vulnerability highlights the importance of adequate input validation measures in software applications to prevent unauthorized actions and maintain system integrity.",Schneider Electric,Ecostruxure Power Monitoring Expert,8.8,HIGH,0.003490000031888485,false,,false,false,false,,,false,false,,2022-01-28T19:09:39.000Z,0
CVE-2021-22826,https://securityvulnerability.io/vulnerability/CVE-2021-22826,Improper Input Validation in EcoStruxure Power Monitoring Expert by Schneider Electric,"A vulnerability exists in EcoStruxure Power Monitoring Expert due to improper input validation, allowing an attacker to execute arbitrary code when a user visits a page with a maliciously injected payload. This may compromise the system's integrity and lead to unauthorized access or control. Users are advised to apply updates to mitigate potential risks associated with this flaw.",Schneider Electric,Ecostruxure Power Monitoring Expert,8.8,HIGH,0.003490000031888485,false,,false,false,false,,,false,false,,2022-01-28T19:09:38.000Z,0
CVE-2018-7797,https://securityvulnerability.io/vulnerability/CVE-2018-7797,,"A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site.",Schneider Electric,"Power Monitoring Expert, Energy Expert (formerly Power Manager) - Ecostruxure™ Power Monitoring Expert (pme) V8.2 (all Editions), Ecostruxure™ Energy Expert 1.3 (formerly Power Manager), Ecostruxure™ Power Scada Operation (pso) 8.2 Advanced Reports And Dashboards Module, Ecostruxure™ Power Monitoring Expert (pme) V9.0, Ecostruxure™ Energy Expert V2.0, And Ecostruxure™ Power Scada Operation (pso) 9.0 Advanced Reports And Dashboards Module",6.1,MEDIUM,0.0006900000153109431,false,,false,false,false,,,false,false,,2018-12-17T22:00:00.000Z,0