cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-8401,https://securityvulnerability.io/vulnerability/CVE-2024-8401,Cross-Site Scripting Vulnerability in Schneider Electric Products,"A cross-site scripting vulnerability exists in Schneider Electric products, which allows authenticated attackers to manipulate folder names. This can lead to the injection of malicious scripts, enabling attackers to execute harmful code in the context of a user's session. Users should ensure they are using the latest software versions and follow security best practices to mitigate potential risks.",Schneider Electric,"Ecostruxure Power Monitoring Expert (pme) 2021,Ecostruxure Power Monitoring Expert (pme) 2020,Ecostruxure Power Operation (epo) 2022,Ecostruxure Power Operation (epo) 2022 – Advanced Reporting And Dashboards Module,Ecostruxure Power Operation (epo) 2021,Ecostruxure Power Operation (epo) 2021 – Advanced Reporting And Dashboards Module,Ecostruxure Power Scada Operation 2020 (pso) - Advanced Reporting And Dashboards Module",5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T16:35:55.532Z,0
CVE-2024-9005,https://securityvulnerability.io/vulnerability/CVE-2024-9005,Remote Code Execution Vulnerability,"A vulnerability exists in Schneider Electric's web server products that allows an attacker to remotely execute code on the server. This issue arises when unsafely deserialized data is posted to the server, creating a pathway for exploitation. An attacker could craft a malicious payload to take advantage of this flaw, leading to potential unauthorized access and control over the affected system. It is crucial for users of these products to assess their security posture and implement appropriate mitigations to safeguard against such threats.",Schneider Electric,Ecostruxure Power Monitoring Expert (pme),7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-08T10:22:06.939Z,0
CVE-2023-5986,https://securityvulnerability.io/vulnerability/CVE-2023-5986,URL Redirection Vulnerability in Schneider Electric's Web Application,"A security vulnerability exists that allows for URL redirection to untrusted sites, potentially leading to cross-site scripting attacks. This occurs when attackers provide a URL-encoded input that manipulates the web application to redirect to malicious domains after the user successfully logs in. Such vulnerabilities can compromise user data and trust, making it essential for users to update their systems and ensure proper security measures are in place.",Schneider Electric,"Ecostruxure Power Monitoring Expert (pme),Ecostruxure Power Operation (epo) – Advanced Reporting And Dashboards Module,Ecostruxure Power Scada Operation (pso) - Advanced Reporting And Dashboards Module",8.2,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-11-15T04:15:00.000Z,0
CVE-2023-5987,https://securityvulnerability.io/vulnerability/CVE-2023-5987,Cross-site Scripting Vulnerability in Schneider Electric Products,"A vulnerability exists due to improper neutralization of input during web page generation, enabling cross-site scripting attacks. This allows attackers to inject malicious payloads that can execute arbitrary JavaScript in a victim's browser when they visit a compromised page. Users of affected Schneider Electric products must implement security best practices to mitigate potential exploits.",Schneider Electric,"EcoStruxure Power Monitoring Expert (PME),EcoStruxure Power Operation (EPO) – Advanced Reporting and Dashboards Module,EcoStruxure Power SCADA Operation (PSO) - Advanced Reporting and Dashboards Module",6.1,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-11-15T04:15:00.000Z,0
CVE-2018-7797,https://securityvulnerability.io/vulnerability/CVE-2018-7797,,"A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site.",Schneider Electric,"Power Monitoring Expert, Energy Expert (formerly Power Manager) - Ecostruxure™ Power Monitoring Expert (pme) V8.2 (all Editions), Ecostruxure™ Energy Expert 1.3 (formerly Power Manager), Ecostruxure™ Power Scada Operation (pso) 8.2 Advanced Reports And Dashboards Module, Ecostruxure™ Power Monitoring Expert (pme) V9.0, Ecostruxure™ Energy Expert V2.0, And Ecostruxure™ Power Scada Operation (pso) 9.0 Advanced Reports And Dashboards Module",6.1,MEDIUM,0.0006900000153109431,false,,false,false,false,,,false,false,,2018-12-17T22:00:00.000Z,0