CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

60 matches found

CNNVD•added 2026/02/11 12:0 a.m.•3 views

Schneider Electric EcoStruxure Building Operation Workstation 代码注入漏洞

Schneider Electric EcoStruxure Building Operation Workstation is a specialized operational terminal component developed by Schneider Electric, a French company. The Schneider Electric EcoStruxure Building Operation Workstation has a code injection vulnerability, which stems from improper code...

7CVSS6AI score0.00034EPSS

Exploits0References2

CNNVD•added 2026/02/11 12:0 a.m.•3 views

Schneider Electric EcoStruxure Building Operation Workstation 代码问题漏洞

Schneider Electric EcoStruxure Building Operation Workstation is a specialized operational terminal component developed by Schneider Electric, a French company. There is a code vulnerability in the Schneider Electric EcoStruxure Building Operation Workstation. This vulnerability stems from improp...

7CVSS5.9AI score0.00028EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 9:59 a.m.•5 views

CVE-2020-7572

A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary XML code and obtain disclosure of confidential data, denial of service, server...

8.8CVSS7.3AI score0.00466EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:58 a.m.•12 views

CVE-2020-7573

A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due to improper access control...

6.5CVSS6.9AI score0.00199EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2020-28698

Malware in sbrugna...

6.5CVSS6.4AI score0.00199EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2020-20693

Malware in sbrugna...

7CVSS7.3AI score0.00068EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-28694

Malware in sbrugna...

8.8CVSS8.7AI score0.0145EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2020-20694

Malware in sbrugna...

6.1CVSS6.2AI score0.00373EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2020-28697

Malware in sbrugna...

8.8CVSS8.7AI score0.00466EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2020-28696

Malware in sbrugna...

5.4CVSS5.5AI score0.00187EPSS

Exploits0References2

CNNVD•added 2025/08/20 12:0 a.m.•2 views

Schneider Electric多款产品资源管理错误漏洞

Schneider Electric EcoStruxure Building Operation Enterprise Server and Schneider Electric EcoStruxure Enterprise Server are both products of Schneider Electric, a French company. Schneider Electric EcoStruxure Building Operation Enterprise Server is an enterprise-class building control system. T...

4.1CVSS6.7AI score0.0003EPSS

Exploits0References2

Positive Technologies•added 2025/08/12 12:0 a.m.•4 views

PT-2025-34060

Name of the Vulnerable Software and Affected Versions: BMS affected versions not specified Description: An uncontrolled resource consumption issue exists that may lead to a denial of service. An authenticated user sending a specially crafted request to a specific endpoint within the BMS network c...

4.3CVSS6.1AI score0.0003EPSS

Exploits0References9

RedhatCVE•added 2025/05/22 4:49 p.m.•9 views

CVE-2020-7570

A CWE-79 Improper Neutralization of Input During Web Page Generation Cross-site Scripting Stored vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary web script or HTML due to incorrect...

5.4CVSS5.8AI score0.00187EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 4:49 p.m.•11 views

CVE-2020-7571

A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation Cross-site Scripting Reflected vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of use...

5.4CVSS6.2AI score0.00187EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 3:26 p.m.•8 views

CVE-2020-28210

A CWE-79 Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser...

6.1CVSS6.7AI score0.00373EPSS

Exploits0

RedhatCVE•added 2025/05/22 3:8 p.m.•10 views

CVE-2020-7569

A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to upload arbitrary files due to incorrect verification of user supplied files and achieve remote code...

8.8CVSS7.5AI score0.0145EPSS

Exploits0References1

ICS•added 2021/03/04 12:0 a.m.•283 views

ICSA-21-063-02_Schneider Electric EcoStruxure Building Operation (EBO)

1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: EcoStruxure Building Operation Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Cross-site Scripting, Improper Restriction of XML External Entity...

8.8CVSS8.5AI score0.0145EPSS

Exploits0References2

CNVD•added 2020/11/20 12:0 a.m.•6 views

Schneider Electric EcoStruxure Building Operation WebStation Cross-Site Scripting Vulnerability

The EcoStruxure Building Operation WebStation is a web-based user interface for daily operations in the EcoStruxure BMS. A cross-site scripting vulnerability exists in EcoStruxure Building Operation WebStation 2.0 - 3.1. An attacker can exploit this vulnerability to inject HTML and JavaScript cod...

6.1CVSS6AI score0.00373EPSS

Exploits0References1

CNVD•added 2020/11/20 12:0 a.m.•9 views

Schneider Electric EcoStruxure Building Operation WebReports XML External Entity References Improperly Restricted Vulnerability

EcoStruxure Building Operation WebReports is a web application for creating, viewing and managing reports. An improperly restricted XML external entity reference vulnerability exists in EcoStruxure Building Operation WebReports 1.9 - 3.1. The vulnerability stems from a misconfiguration of the XML...

8.8CVSS6.8AI score0.00466EPSS

Exploits0References1

CNVD•added 2020/11/20 12:0 a.m.•9 views

Schneider Electric EcoStruxure Building Operation WebReports Improper Access Control Vulnerability

EcoStruxure Building Operation WebReports is a web application for creating, viewing and managing reports. An improper access control vulnerability exists in EcoStruxure Building Operation WebReports 1.9 - 3.1. A remote attacker could exploit this vulnerability to access restricted web resources...

6.5CVSS6.8AI score0.00199EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by