← Back

CVE-2020-7546

nvd nist
Published: Dec 1, 2020Modified: Nov 21, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: NVD

Description

A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage.

Affected (9)

Schneider Electric
5 products
Ecostruxure Energy Expert
Ecostruxure Power Monitoring Expert
Power Manager
Powerscada Expert With Advanced Reporting And Dashboards
Powerscada Operation With Advanced Reporting And Dashboards
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Ecostruxure Energy Expert
Version 2.0
Ecostruxure Power Monitoring Expert
Version 7.0
Ecostruxure Power Monitoring Expert
Version 8.0
Ecostruxure Power Monitoring Expert
Version 9.0
Power Manager
Version 1.1
Power Manager
Version 1.2
Power Manager
Version 1.3
Powerscada Expert With Advanced Reporting And Dashboards
Version 8.0
Powerscada Operation With Advanced Reporting And Dashboards
Version 9.0

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

Source: cybersecurity@se.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.