CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
EPSS
Percentile
17.0%
A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input
attackers can cause the software’s web application to redirect to the chosen domain after a
successful login is performed.
Vendor | Product | Version | CPE |
---|---|---|---|
schneider-electric | ecostruxure_power_monitoring_expert | 2020 | cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2020:-:*:*:*:*:*:* |
schneider-electric | ecostruxure_power_monitoring_expert | 2020 | cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2020:cumulative_update_1:*:*:*:*:*:* |
schneider-electric | ecostruxure_power_monitoring_expert | 2020 | cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2020:cumulative_update_2:*:*:*:*:*:* |
schneider-electric | ecostruxure_power_monitoring_expert | 2021 | cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2021:-:*:*:*:*:*:* |
schneider-electric | ecostruxure_power_monitoring_expert | 2021 | cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2021:cumulative_update_1:*:*:*:*:*:* |
[
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power Monitoring Expert (PME)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Version 2020 CU2 and prior"
},
{
"status": "affected",
"version": "Version 2021 CU1 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power Operation (EPO) – Advanced Reporting and Dashboards Module",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Advanced Reporting and Dashboards Module 2021 prior to CU2 for EcoStruxure Power Operation 2021"
},
{
"status": "affected",
"version": "Advanced Reporting and Dashboards Module 2020 prior to CU3"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EcoStruxure Power SCADA Operation (PSO) - Advanced Reporting and Dashboards Module",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "EcoStruxure Power SCADA Operation (PSO) 2020 or 2020 R2"
}
]
}
]