CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-7546

A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 53.0%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

Products affected by CVE-2020-7546

Schneider-Electric » Ecostruxure Energy Expert » Version: 2.0

cpe:2.3:a:schneider-electric:ecostruxure_energy_expert:2.0
Schneider-Electric » Ecostruxure Power Monitoring Expert » Version: 7.0

cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:7.0
Schneider-Electric » Ecostruxure Power Monitoring Expert » Version: 8.0

cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:8.0
Schneider-Electric » Ecostruxure Power Monitoring Expert » Version: 9.0

cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:9.0
Schneider-Electric » Power Manager » Version: 1.1

cpe:2.3:a:schneider-electric:power_manager:1.1
Schneider-Electric » Power Manager » Version: 1.2

cpe:2.3:a:schneider-electric:power_manager:1.2
Schneider-Electric » Power Manager » Version: 1.3

cpe:2.3:a:schneider-electric:power_manager:1.3
Schneider-Electric » Powerscada Expert With Advanced Reporting And Dashboards » Version: 8.0

cpe:2.3:a:schneider-electric:powerscada_expert_with_advanced_reporting_and_dashboards:8.0
Schneider-Electric » Powerscada Operation With Advanced Reporting And Dashboards » Version: 9.0

cpe:2.3:a:schneider-electric:powerscada_operation_with_advanced_reporting_and_dashboards:9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-7546

Products

Pricing

Contact Us