Schneider Electric EcoStruxure Power Products Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting vulnerability has been identified in Schneider Electric's EcoStruxure Power Monitoring Expert (PME) 2021, PME 2020, Power Operation (EPO) 2022, and Power Operation 2021. This vulnerability allows authenticated attackers to modify folder names, potentially leading to the execution of malicious web code or unintended software behavior.

Impact

Exploitation of this vulnerability could result in the execution of malicious web code or unintended software operation.

Remediation

Users of EcoStruxure Power Monitoring Expert should upgrade to version 2021 CU2 or 2022. For EcoStruxure Power Operation, version 2022 CU5 is available, and users of the 2021 version should upgrade to 2021 CU3 with Hotfix 2. Instructions for downloading these updates are available on the Schneider Electric EcoXpert Software Center and the Schneider Electric Community.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 1.7
exploitability: 4.6
remediation: 8.3
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.