Ecostruxure Power Operation With Advanced Reports CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (6 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-54926	1 Schneider-electric	2 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports	2025-08-25	7.2 High
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution when an authenticated attacker with admin privileges uploads a malicious file over HTTP which then gets executed.
CVE-2025-54924	1 Schneider-electric	2 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports	2025-08-25	7.5 High
CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a vulnerable endpoint.
CVE-2025-54927	1 Schneider-electric	2 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports	2025-08-25	4.9 Medium
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attackers uses a crafted path input that is processed by the system.
CVE-2025-54925	1 Schneider-electric	2 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports	2025-08-25	7.5 High
CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker configures the application to access a malicious url.
CVE-2025-54923	1 Schneider-electric	2 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports	2025-08-25	N/A
CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity when authenticated users send crafted data to a network-exposed service that performs unsafe deserialization.
CVE-2023-5391	1 Schneider-electric	3 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports, Ecostruxure Power Scada Operation With Advanced Reports	2025-02-27	9.8 Critical
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application.

Page 1 of 1.