Filtered by vendor Schneider-electric
                         Subscriptions
                    
                    
                
                        Filtered by product Ecostruxure Power Operation With Advanced Reports
                         Subscriptions
                    
                    
                
                    Total
                    6 CVE
                
            | CVE | Vendors | Products | Updated | CVSS v3.1 | 
|---|---|---|---|---|
| CVE-2025-54926 | 1 Schneider-electric | 2 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports | 2025-08-25 | 7.2 High | 
| CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution when an authenticated attacker with admin privileges uploads a malicious file over HTTP which then gets executed. | ||||
| CVE-2025-54924 | 1 Schneider-electric | 2 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports | 2025-08-25 | 7.5 High | 
| CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a vulnerable endpoint. | ||||
| CVE-2025-54927 | 1 Schneider-electric | 2 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports | 2025-08-25 | 4.9 Medium | 
| CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attackers uses a crafted path input that is processed by the system. | ||||
| CVE-2025-54925 | 1 Schneider-electric | 2 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports | 2025-08-25 | 7.5 High | 
| CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker configures the application to access a malicious url. | ||||
| CVE-2025-54923 | 1 Schneider-electric | 2 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports | 2025-08-25 | N/A | 
| CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity when authenticated users send crafted data to a network-exposed service that performs unsafe deserialization. | ||||
| CVE-2023-5391 | 1 Schneider-electric | 3 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports, Ecostruxure Power Scada Operation With Advanced Reports | 2025-02-27 | 9.8 Critical | 
| A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application. | ||||
                            
                                
                                
                                    Page 1 of 1.