VYPR

Building Operation WebReports

by EcoStruxure

CVEs (6)

  • CVE-2020-7572HigNov 19, 2020
    risk 0.57cvss 8.8epss 0.02

    A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary XML code and obtain disclosure of confidential data, denial…

  • CVE-2020-7569HigNov 19, 2020
    risk 0.57cvss 8.8epss 0.02

    A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to upload arbitrary files due to incorrect verification of user supplied files and…

  • CVE-2020-7573MedNov 19, 2020
    risk 0.42cvss 6.5epss 0.01

    A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due to improper access control.

  • CVE-2020-28210MedNov 19, 2020
    risk 0.40cvss 6.1epss 0.01

    A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser.

  • CVE-2020-7571MedNov 19, 2020
    risk 0.35cvss 5.4epss 0.01

    A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect…

  • CVE-2020-7570MedNov 19, 2020
    risk 0.35cvss 5.4epss 0.01

    A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary web script or HTML due to…