Описание
A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:schneider-electric:ecostruxure_energy_expert:2.0:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:7.0:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:8.0:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:9.0:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:power_manager:1.1:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:power_manager:1.2:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:power_manager:1.3:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:powerscada_expert_with_advanced_reporting_and_dashboards:8.0:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:powerscada_operation_with_advanced_reporting_and_dashboards:9.0:*:*:*:*:*:*:*
EPSS
Процентиль: 64%
0.00462
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-284
NVD-CWE-Other
Связанные уязвимости
CVSS3: 7.2
github
больше 3 лет назад
A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.
EPSS
Процентиль: 64%
0.00462
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-284
NVD-CWE-Other