EcoStruxure Power Monitoring Expert (PME) Security Vulnerabilities
A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input attackers can cause the softwareโs web application to redirect to the chosen domain after a successful login is....
8.2CVSS
6AI Score
0.0005EPSS
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers can have a victimโs browser run arbitrary JavaScript when they visit a page containing the injected....
6.1CVSS
6.1AI Score
0.0005EPSS
A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their...
8.8CVSS
8.4AI Score
0.001EPSS
A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and...
6.1CVSS
6.1AI Score
0.001EPSS