Schneider Electric EcoStruxure Power Monitoring Expert up to 2020 Web Page Generation cross site scripting

A vulnerability was found in Schneider Electric EcoStruxure Power Monitoring Expert up to 2020 (SCADA Software). It has been declared as problematic. Affected by this vulnerability is an unknown code block of the component Web Page Generation Handler. Applying a patch is able to eliminate this problem.

Field01/12/2022 06:03 PM01/15/2022 09:51 AM
vendorSchneider ElectricSchneider Electric
nameEcoStruxure Power Monitoring ExpertEcoStruxure Power Monitoring Expert
version<=2020<=2020
componentWeb Page Generation HandlerWeb Page Generation Handler
cwe79 (cross site scripting)79 (cross site scripting)
risk11
cvss3_vuldb_avNN
cvss3_vuldb_acHH
cvss3_vuldb_prLL
cvss3_vuldb_uiRR
cvss3_vuldb_sUU
cvss3_vuldb_cNN
cvss3_vuldb_iLL
cvss3_vuldb_aNN
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
identifierSEVD-2022-011-07SEVD-2022-011-07
urlhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07
namePatchPatch
cveCVE-2022-22804CVE-2022-22804
date1641942000 (01/12/2022)1641942000 (01/12/2022)
typeSCADA SoftwareSCADA Software
cvss2_vuldb_avNN
cvss2_vuldb_acHH
cvss2_vuldb_ciNN
cvss2_vuldb_iiPP
cvss2_vuldb_aiNN
cvss2_vuldb_rcCC
cvss2_vuldb_rlOFOF
cvss2_vuldb_auSS
cvss2_vuldb_eNDND
cvss3_vuldb_eXX
cvss2_vuldb_basescore2.12.1
cvss2_vuldb_tempscore1.81.8
cvss3_vuldb_basescore2.62.6
cvss3_vuldb_tempscore2.52.5
cvss3_meta_basescore2.62.6
cvss3_meta_tempscore2.52.5
price_0day$0-$5k$0-$5k
cve_assigned1641510000

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!