Design/Logic Flaw

2020-12-0115:15:00

PRIOn knowledge base

www.prio-n.com

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

JSON

A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage.

CPENameOperatorVersion
ecostruxure_energy_experteq2.0
ecostruxure_power_monitoring_experteq9.0
ecostruxure_power_monitoring_experteq8.0
ecostruxure_power_monitoring_experteq7.0
power_managereq1.1
power_managereq1.2
power_managereq1.3
powerscada_expert_with_advanced_reporting_and_dashboardseq8.0
powerscada_operation_with_advanced_reporting_and_dashboardseq9.0

Name	Operator	Version
ecostruxure_energy_expert	eq	2.0
ecostruxure_power_monitoring_expert	eq	9.0
ecostruxure_power_monitoring_expert	eq	8.0
ecostruxure_power_monitoring_expert	eq	7.0
power_manager	eq	1.1
power_manager	eq	1.2
power_manager	eq	1.3
powerscada_expert_with_advanced_reporting_and_dashboards	eq	8.0
powerscada_operation_with_advanced_reporting_and_dashboards	eq	9.0

References

www.se.com/ww/en/download/document/SEVD-2020-287-04/