VYPR

EcoStruxure Building Operation WebReports

by Schneider Electric

CVEs (5)

  • CVE-2020-7573Nov 19, 2020
    risk 0.00cvss epss 0.01

    A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due to improper access control.

  • CVE-2020-7572Nov 19, 2020
    risk 0.00cvss epss 0.02

    A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary XML code and obtain disclosure of confidential data, denial…

  • CVE-2020-7571Nov 19, 2020
    risk 0.00cvss epss 0.01

    A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect…

  • CVE-2020-7570Nov 19, 2020
    risk 0.00cvss epss 0.01

    A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary web script or HTML due to…

  • CVE-2020-7569Nov 19, 2020
    risk 0.00cvss epss 0.02

    A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to upload arbitrary files due to incorrect verification of user supplied files and…