VYPR

Ecostruxure Power Monitoring Expert

by Schneider Electric

CVEs (8)

  • CVE-2023-5987Nov 15, 2023
    risk 0.00cvss epss 0.00

    A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page…

  • CVE-2023-5986Nov 15, 2023
    risk 0.00cvss epss 0.00

    A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input attackers can cause the software’s web application to redirect to the chosen domain after…

  • CVE-2023-5391Oct 4, 2023
    risk 0.00cvss epss 0.01

    A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application.

  • CVE-2023-28003Apr 18, 2023
    risk 0.00cvss epss 0.00

    A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their account.

  • CVE-2022-22804Feb 4, 2022
    risk 0.00cvss epss 0.00

    A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could allow an authenticated attacker to view data, change settings, or impact availability of the software when the user visits a page containing the…

  • CVE-2022-22727Feb 4, 2022
    risk 0.00cvss epss 0.01

    A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user�s local machine when the user clicks a specially crafted link. Affected…

  • CVE-2022-22726Feb 4, 2022
    risk 0.00cvss epss 0.01

    A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a limited operating system service account. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)

  • CVE-2018-7797Dec 17, 2018
    risk 0.00cvss epss 0.01

    A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced…