Schneider Electric Ecostruxure Power Monitoring Expert vulnerabilities
12 known vulnerabilities affecting schneider_electric/ecostruxure_power_monitoring_expert.
Total CVEs: 12
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 7, MEDIUM 4
Vulnerabilities
CVE-2025-11739 | HIGH | CVSS 8.5 | Version 2022, Version 2023, +3 more | 2026-03-10
CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization.
Sources: cvelistv5, nvd
CVE-2025-54923 | HIGH | CVSS 8.7 | Version 2022, Version 2023, +2 more | 2025-08-20
CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity when authenticated users send crafted data to a network-exposed service that performs unsafe deserialization.
Sources: cvelistv5, nvd
CVE-2025-54926 | HIGH | CVSS 7.2 | Version 2022, Version 2023, +2 more | 2025-08-20
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution when an authenticated attacker with admin privileges uploads a malicious file over HTTP which then gets executed.
Sources: cvelistv5, nvd
CVE-2025-54924 | HIGH | CVSS 7.5 | Version 2022, Version 2023, +2 more | 2025-08-20
CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a vulnerable endpoint.
Sources: cvelistv5, nvd
CVE-2025-54925 | HIGH | CVSS 7.5 | Version 2022, Version 2023, +2 more | 2025-08-20
CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker configures the application to access a malicious URL.
Sources: cvelistv5, nvd
CVE-2025-54927 | MEDIUM | CVSS 4.9 | Version 2022, Version 2023, +2 more | 2025-08-20
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attacker uses a crafted path input that is processed by the system.
Sources: cvelistv5, nvd
CVE-2025-6788 | MEDIUM | CVSS 5.3 | ≥ 2023, < All; ≥ 2023 R2, < All; +2 more | 2025-07-11
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources to the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML diagrams.
Sources: cvelistv5, nvd
CVE-2024-9005 | HIGH | CVSS 7.3 | Version 2022 and prior | 2024-10-08
CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server.
Sources: cvelistv5, nvd
CVE-2023-5986 | MEDIUM | CVSS 6.1 | Version 2020 CU2 and prior, Version 2021 CU1 and prior | 2023-11-15
A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an open redirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input, attackers can cause the software’s web application to redirect to the chosen domain after a successful login is performed.
Sources: cvelistv5, nvd
CVE-2023-5987 | MEDIUM | CVSS 6.1 | Version 2020 CU2 and prior, Version 2021 CU1 and prior | 2023-11-15
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload.
Sources: cvelistv5, nvd
CVE-2023-5391 | CRITICAL | CVSS 9.8 | All versions – prior to application of Hotfix-145271 | 2023-10-04
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application.
Sources: cvelistv5, nvd
CVE-2023-28003 | HIGH | CVSS 8.8 | ≥ All, ≤ PME 2022 | 2023-04-18
A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their account.
Sources: cvelistv5, nvd