← Back

Ecostruxure Power Commission

ecostruxure_power_commission

Vendor: Schneider Electric • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-4062
1Schneider Electric
1Ecostruxure Power Commission
Nov 21, 2024
Feb 1, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission applicatio...Show more
A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission (Versions prior to V2.25)Show less
CVE-2022-22732
1Schneider Electric
1Ecostruxure Power Commission
Nov 21, 2024
Jan 30, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site...Show more
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)Show less
CVE-2022-22731
1Schneider Electric
1Ecostruxure Power Commission
Nov 21, 2024
Jan 30, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code...Show more
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause path traversal attacks. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)Show less
CVE-2022-0223
1Schneider Electric
1Ecostruxure Power Commission
Nov 21, 2024
Jan 30, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as prog...Show more
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)Show less