Schneider-electric Ecostruxure Power Monitoring Expert — known CVE vulnerabilities
Every CVE whose affected-product data names Schneider-electric Ecostruxure Power Monitoring Expert, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2023-5391 — CVSS 9.8 (critical): A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted…
CVE-2022-22727 — CVSS 8.8 (high): A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact…
CVE-2020-7547 — CVSS 8.8 (high): A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see…
CVE-2021-22826 — CVSS 8.8 (high): A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing…
CVE-2021-22827 — CVSS 8.8 (high): A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing…
CVE-2023-5986 — CVSS 8.2 (high): A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site…
CVE-2025-11739 — CVSS 7.8 (high): CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges…
CVE-2020-7545 — CVSS 7.2 (high): A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see…
CVE-2023-28003 — CVSS 6.7 (medium): A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a…
CVE-2022-22726 — CVSS 6.5 (medium): A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users…
CVE-2023-5987 — CVSS 6.1 (medium): A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability…
CVE-2018-7797 — CVSS 6.1 (medium): A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring…
CVE-2020-7546 — CVSS 5.4 (medium): A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power…
CVE-2022-22804 — CVSS 5.4 (medium): A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could allow an…