Search criteria
12 vulnerabilities found for ecostruxure_energy_expert by schneider-electric
FKIE_CVE-2020-7545
Vulnerability from fkie_nvd - Published: 2020-12-01 15:15 - Updated: 2024-11-21 05:37
Severity ?
Summary
A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_energy_expert:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF7DFC6-6F41-491B-A703-6AB0143FE5B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6819EA7A-C803-480F-98DF-44DA144FE488",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66E928C4-87C8-4BD6-9131-B7D558330CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0BEB4F4B-0B22-47CA-B173-C06C1A925348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:power_manager:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FC0093C-00CE-43A8-80EC-0509992E637B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:power_manager:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9A1DF0-42B8-4123-8276-1D4BED156034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:power_manager:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "54A54A8D-40F5-4E75-A524-B81E487DB274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:powerscada_expert_with_advanced_reporting_and_dashboards:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC2CF9D-8D0C-4FD3-94A2-34A63E297B81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:powerscada_operation_with_advanced_reporting_and_dashboards:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8F406C-868A-443C-8842-6CFFFF17C236",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-284:Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage."
},
{
"lang": "es",
"value": "Una CWE-284: Se presenta una vulnerabilidad Control de Acceso Inapropiado en el Software EcoStruxure\u00aa y SmartStruxure\u00aa Power Monitoring and SCADA (v\u00e9ase la notificaci\u00f3n de seguridad para la informaci\u00f3n de la versi\u00f3n) que podr\u00eda permitir una ejecuci\u00f3n de c\u00f3digo arbitraria en el servidor cuando un usuario autorizado accede a una p\u00e1gina web afectada"
}
],
"id": "CVE-2020-7545",
"lastModified": "2024-11-21T05:37:21.233",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-01T15:15:12.297",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-7546
Vulnerability from fkie_nvd - Published: 2020-12-01 15:15 - Updated: 2024-11-21 05:37
Severity ?
Summary
A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_energy_expert:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF7DFC6-6F41-491B-A703-6AB0143FE5B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6819EA7A-C803-480F-98DF-44DA144FE488",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66E928C4-87C8-4BD6-9131-B7D558330CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0BEB4F4B-0B22-47CA-B173-C06C1A925348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:power_manager:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FC0093C-00CE-43A8-80EC-0509992E637B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:power_manager:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9A1DF0-42B8-4123-8276-1D4BED156034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:power_manager:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "54A54A8D-40F5-4E75-A524-B81E487DB274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:powerscada_expert_with_advanced_reporting_and_dashboards:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC2CF9D-8D0C-4FD3-94A2-34A63E297B81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:powerscada_operation_with_advanced_reporting_and_dashboards:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8F406C-868A-443C-8842-6CFFFF17C236",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage."
},
{
"lang": "es",
"value": "Una CWE-79: Se presenta una vulnerabilidad Neutralizaci\u00f3n Inapropiada de la Entrada Durante la Generaci\u00f3n de P\u00e1ginas Web en el Software EcoStruxure\u00aa y SmartStruxure\u00aa Power Monitoring and SCADA (v\u00e9ase la notificaci\u00f3n de seguridad para la informaci\u00f3n de la versi\u00f3n) que podr\u00eda permitir a un atacante llevar a cabo acciones en nombre del usuario autorizado cuando se acceder a un p\u00e1gina web afectada"
}
],
"id": "CVE-2020-7546",
"lastModified": "2024-11-21T05:37:21.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-01T15:15:12.563",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cybersecurity@se.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2020-7547
Vulnerability from fkie_nvd - Published: 2020-12-01 15:15 - Updated: 2024-11-21 05:37
Severity ?
Summary
A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_energy_expert:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF7DFC6-6F41-491B-A703-6AB0143FE5B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6819EA7A-C803-480F-98DF-44DA144FE488",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66E928C4-87C8-4BD6-9131-B7D558330CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0BEB4F4B-0B22-47CA-B173-C06C1A925348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:power_manager:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FC0093C-00CE-43A8-80EC-0509992E637B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:power_manager:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9A1DF0-42B8-4123-8276-1D4BED156034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:power_manager:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "54A54A8D-40F5-4E75-A524-B81E487DB274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:powerscada_expert_with_advanced_reporting_and_dashboards:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC2CF9D-8D0C-4FD3-94A2-34A63E297B81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:powerscada_operation_with_advanced_reporting_and_dashboards:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8F406C-868A-443C-8842-6CFFFF17C236",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-284: Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level."
},
{
"lang": "es",
"value": "Una CWE-284: Se presenta una vulnerabilidad Control de Acceso Inapropiado en el Software EcoStruxure\u00aa y SmartStruxure\u00aa Power Monitoring and SCADA (v\u00e9ase la notificaci\u00f3n de seguridad para la informaci\u00f3n de la versi\u00f3n) que podr\u00eda permitir a un usuario la habilidad para llevar a cabo acciones por medio de la interfaz web en un nivel de privilegio elevado"
}
],
"id": "CVE-2020-7547",
"lastModified": "2024-11-21T05:37:21.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-01T15:15:12.657",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-7797
Vulnerability from fkie_nvd - Published: 2018-12-17 22:29 - Updated: 2024-11-21 04:12
Severity ?
Summary
A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site.
References
| URL | Tags | ||
|---|---|---|---|
| cybersecurity@se.com | http://www.securityfocus.com/bid/106277 | Third Party Advisory, VDB Entry | |
| cybersecurity@se.com | https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106277 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/ | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_energy_expert:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2914DC-CBEC-4518-AD91-94C77057785F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_energy_expert:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF7DFC6-6F41-491B-A703-6AB0143FE5B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4BEB1EB8-B19E-4BF8-B937-CBADE605FCE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0BEB4F4B-0B22-47CA-B173-C06C1A925348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_scada_operation:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEF733D-78EE-41F5-9267-DF5466D32ACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_scada_operation:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7CD0F3ED-6932-4CBE-A517-547213CF88E3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de redirecci\u00f3n de URL en Power Monitoring Expert, Energy Expert (anteriormente Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (todas las ediciones), EcoStruxure Energy Expert 1.3 (anteriormente Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0 y EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module, lo que podr\u00eda provocar un ataque de phishing cuando se redirecciona a un sitio malicioso."
}
],
"id": "CVE-2018-7797",
"lastModified": "2024-11-21T04:12:45.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-17T22:29:00.220",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106277"
},
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-7547 (GCVE-0-2020-7547)
Vulnerability from cvelistv5 – Published: 2020-12-01 14:44 – Updated: 2024-08-04 09:33
VLAI?
Summary
A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level.
Severity ?
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) |
Affected:
EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-284: Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284:Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T14:44:52",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"version": {
"version_data": [
{
"version_value": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-284: Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284:Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7547",
"datePublished": "2020-12-01T14:44:52",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7546 (GCVE-0-2020-7546)
Vulnerability from cvelistv5 – Published: 2020-12-01 14:44 – Updated: 2024-08-04 09:33
VLAI?
Summary
A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) |
Affected:
EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T14:44:31",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"version": {
"version_data": [
{
"version_value": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7546",
"datePublished": "2020-12-01T14:44:31",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7545 (GCVE-0-2020-7545)
Vulnerability from cvelistv5 – Published: 2020-12-01 14:44 – Updated: 2024-08-04 09:33
VLAI?
Summary
A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.
Severity ?
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) |
Affected:
EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-284:Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284:Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T14:44:10",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"version": {
"version_data": [
{
"version_value": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-284:Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284:Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7545",
"datePublished": "2020-12-01T14:44:10",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7797 (GCVE-0-2018-7797)
Vulnerability from cvelistv5 – Published: 2018-12-17 22:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site.
Severity ?
No CVSS data available.
CWE
- URL redirection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric SE | Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxureª Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxureª Energy Expert 1.3 (formerly Power Manager), EcoStruxureª Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxureª Power Monitoring Expert (PME) v9.0, EcoStruxureª Energy Expert v2.0, and EcoStruxureªPower SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module |
Affected:
EcoStruxureª
Affected: Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxureª Affected: Energy Expert 1.3 (formerly Power Manager), EcoStruxureª Affected: Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxureª Affected: Power Monitoring Expert (PME) v9.0, EcoStruxureª Affected: Energy Expert v2.0, and EcoStruxureª Affected: Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106277",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106277"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure\u0026#xaa; Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure\u0026#xaa; Energy Expert 1.3 (formerly Power Manager), EcoStruxure\u0026#xaa; Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure\u0026#xaa; Power Monitoring Expert (PME) v9.0, EcoStruxure\u0026#xaa; Energy Expert v2.0, and EcoStruxure\u0026#xaa;Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "EcoStruxure\u0026#xaa"
},
{
"status": "affected",
"version": "Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure\u0026#xaa"
},
{
"status": "affected",
"version": "Energy Expert 1.3 (formerly Power Manager), EcoStruxure\u0026#xaa"
},
{
"status": "affected",
"version": "Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure\u0026#xaa"
},
{
"status": "affected",
"version": "Power Monitoring Expert (PME) v9.0, EcoStruxure\u0026#xaa"
},
{
"status": "affected",
"version": "Energy Expert v2.0, and EcoStruxure\u0026#xaa"
},
{
"status": "affected",
"version": "Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module"
}
]
}
],
"datePublic": "2018-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "URL redirection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-22T10:57:01",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"name": "106277",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106277"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2018-7797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure\u0026#xaa; Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure\u0026#xaa; Energy Expert 1.3 (formerly Power Manager), EcoStruxure\u0026#xaa; Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure\u0026#xaa; Power Monitoring Expert (PME) v9.0, EcoStruxure\u0026#xaa; Energy Expert v2.0, and EcoStruxure\u0026#xaa;Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module",
"version": {
"version_data": [
{
"version_value": "EcoStruxure\u0026#xaa"
},
{
"version_value": "Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure\u0026#xaa"
},
{
"version_value": "Energy Expert 1.3 (formerly Power Manager), EcoStruxure\u0026#xaa"
},
{
"version_value": "Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure\u0026#xaa"
},
{
"version_value": "Power Monitoring Expert (PME) v9.0, EcoStruxure\u0026#xaa"
},
{
"version_value": "Energy Expert v2.0, and EcoStruxure\u0026#xaa"
},
{
"version_value": "Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "URL redirection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106277"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2018-7797",
"datePublished": "2018-12-17T22:00:00",
"dateReserved": "2018-03-08T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7547 (GCVE-0-2020-7547)
Vulnerability from nvd – Published: 2020-12-01 14:44 – Updated: 2024-08-04 09:33
VLAI?
Summary
A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level.
Severity ?
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) |
Affected:
EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-284: Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284:Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T14:44:52",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"version": {
"version_data": [
{
"version_value": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-284: Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284:Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7547",
"datePublished": "2020-12-01T14:44:52",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7546 (GCVE-0-2020-7546)
Vulnerability from nvd – Published: 2020-12-01 14:44 – Updated: 2024-08-04 09:33
VLAI?
Summary
A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) |
Affected:
EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T14:44:31",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"version": {
"version_data": [
{
"version_value": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7546",
"datePublished": "2020-12-01T14:44:31",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7545 (GCVE-0-2020-7545)
Vulnerability from nvd – Published: 2020-12-01 14:44 – Updated: 2024-08-04 09:33
VLAI?
Summary
A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.
Severity ?
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) |
Affected:
EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-284:Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284:Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T14:44:10",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"version": {
"version_data": [
{
"version_value": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-284:Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284:Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7545",
"datePublished": "2020-12-01T14:44:10",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7797 (GCVE-0-2018-7797)
Vulnerability from nvd – Published: 2018-12-17 22:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site.
Severity ?
No CVSS data available.
CWE
- URL redirection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric SE | Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxureª Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxureª Energy Expert 1.3 (formerly Power Manager), EcoStruxureª Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxureª Power Monitoring Expert (PME) v9.0, EcoStruxureª Energy Expert v2.0, and EcoStruxureªPower SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module |
Affected:
EcoStruxureª
Affected: Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxureª Affected: Energy Expert 1.3 (formerly Power Manager), EcoStruxureª Affected: Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxureª Affected: Power Monitoring Expert (PME) v9.0, EcoStruxureª Affected: Energy Expert v2.0, and EcoStruxureª Affected: Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106277",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106277"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure\u0026#xaa; Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure\u0026#xaa; Energy Expert 1.3 (formerly Power Manager), EcoStruxure\u0026#xaa; Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure\u0026#xaa; Power Monitoring Expert (PME) v9.0, EcoStruxure\u0026#xaa; Energy Expert v2.0, and EcoStruxure\u0026#xaa;Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "EcoStruxure\u0026#xaa"
},
{
"status": "affected",
"version": "Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure\u0026#xaa"
},
{
"status": "affected",
"version": "Energy Expert 1.3 (formerly Power Manager), EcoStruxure\u0026#xaa"
},
{
"status": "affected",
"version": "Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure\u0026#xaa"
},
{
"status": "affected",
"version": "Power Monitoring Expert (PME) v9.0, EcoStruxure\u0026#xaa"
},
{
"status": "affected",
"version": "Energy Expert v2.0, and EcoStruxure\u0026#xaa"
},
{
"status": "affected",
"version": "Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module"
}
]
}
],
"datePublic": "2018-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "URL redirection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-22T10:57:01",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"name": "106277",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106277"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2018-7797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure\u0026#xaa; Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure\u0026#xaa; Energy Expert 1.3 (formerly Power Manager), EcoStruxure\u0026#xaa; Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure\u0026#xaa; Power Monitoring Expert (PME) v9.0, EcoStruxure\u0026#xaa; Energy Expert v2.0, and EcoStruxure\u0026#xaa;Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module",
"version": {
"version_data": [
{
"version_value": "EcoStruxure\u0026#xaa"
},
{
"version_value": "Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure\u0026#xaa"
},
{
"version_value": "Energy Expert 1.3 (formerly Power Manager), EcoStruxure\u0026#xaa"
},
{
"version_value": "Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure\u0026#xaa"
},
{
"version_value": "Power Monitoring Expert (PME) v9.0, EcoStruxure\u0026#xaa"
},
{
"version_value": "Energy Expert v2.0, and EcoStruxure\u0026#xaa"
},
{
"version_value": "Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "URL redirection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106277"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2018-7797",
"datePublished": "2018-12-17T22:00:00",
"dateReserved": "2018-03-08T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}