Schneider Electric Ecostruxure Power Commission
By the Year
In 2024 there have been 0 vulnerabilities in Schneider Electric Ecostruxure Power Commission . Last year Ecostruxure Power Commission had 4 security vulnerabilities published. Right now, Ecostruxure Power Commission is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 4 | 8.73 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Ecostruxure Power Commission vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Schneider Electric Ecostruxure Power Commission Security Vulnerabilities
A CWE-285: Improper Authorization vulnerability exists
CVE-2022-4062
7.8 - High
- February 01, 2023
A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission (Versions prior to V2.25)
AuthZ
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists
CVE-2022-22732
7.5 - High
- January 30, 2023
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)
Exposure of Resource to Wrong Sphere
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries
CVE-2022-22731
9.8 - Critical
- January 30, 2023
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause path traversal attacks. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)
Directory traversal
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries
CVE-2022-0223
9.8 - Critical
- January 30, 2023
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)
Directory traversal
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Schneider Electric Ecostruxure Power Commission or by Schneider Electric? Click the Watch button to subscribe.
