Schneider-Electric: >> Ecostruxure Power Monitoring Expert >> 2021 Security Vulnerabilities
A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input
attackers can cause the software’s web application to redirect to the chosen domain after a
successful login is performed.
CVSS Score
8.2
EPSS Score
0.002
Published
2023-11-15
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
vulnerability that could cause a vulnerability leading to a cross site scripting condition where
attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing
the injected payload.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-11-15
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to
execute arbitrary code on the targeted system by sending a specifically crafted packet to the
application.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-10-04
A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to
maintain unauthorized access over a hijacked session in PME after the legitimate user has
signed out of their account.
CVSS Score
6.7
EPSS Score
0.002
Published
2023-04-18