CVE-2024-8401

🗓️ 28 Jan 2025 16:35:55Reported by schneiderType

CVE-2024-8401 permits authenticated attackers to alter folder names, risking Cross-site Scripting.

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability of the Power Monitoring Expert, Power Operation, and Power SCADA Operation software allows a perpetrator to carry out cross-site scripting attacks.	15 Nov 202400:00	–	bdu_fstec
Circl	CVE-2024-8401	14 Jan 202511:00	–	circl
CNNVD	Schneider Electric EcoStruxure Power Monitoring Expert 跨站脚本漏洞	28 Jan 202500:00	–	cnnvd
CVE	CVE-2024-8401	28 Jan 202516:35	–	cve
EUVD	EUVD-2024-49646	3 Oct 202520:07	–	euvd
ICS	Schneider Electric EcoStruxure	10 Sep 202400:00	–	ics
NVD	CVE-2024-8401	28 Jan 202517:15	–	nvd
Positive Technologies	PT-2024-8122 · Unknown · Power Scada Operation +2	10 Sep 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-8401	23 May 202507:19	–	redhatcve
Vulnrichment	CVE-2024-8401	28 Jan 202516:35	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure Power Monitoring Expert (PME) 2021",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "2021 CU1 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure Power Monitoring Expert (PME) 2020",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "2020 CU3 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure Power Operation (EPO) 2022",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "CU4 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure Power Operation (EPO) 2022 – Advanced Reporting and Dashboards Module",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "CU4 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure Power Operation (EPO) 2021",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "CU4 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure Power Operation (EPO) 2021 – Advanced Reporting and Dashboards Module",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "CU3 with Hotfix 2 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure Power SCADA Operation 2020 (PSO) - Advanced Reporting and Dashboards Module",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "All Versions"
      }
    ]
  }
]

Source	Link
download	www.download.schneider-electric.com/files

28 Jan 2025 16:35Current

CVSS 3.15.4

EPSS0.00098

CWE-79