Skip to main content

Ecostruxure Power Monitoring Expert

9 CVEs product

Monthly

CVE-2025-11739 HIGH CISA Act Now

CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization.

Deserialization RCE Ecostruxure Power Monitoring Expert Ecostruxure Power Operation
NVD VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2023-5987 MEDIUM PATCH This Month

A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ecostruxure Power Monitoring Expert
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5986 MEDIUM This Month

A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Redirect Ecostruxure Power Monitoring Expert
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5391 CRITICAL Act Now

A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Ecostruxure Power Monitoring Expert Ecostruxure Power Operation With Advanced Reports Ecostruxure Power Scada Operation With Advanced Reports
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-28003 HIGH This Week

A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ecostruxure Power Monitoring Expert
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-7547 HIGH This Week

A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ecostruxure Energy Expert Ecostruxure Power Monitoring Expert Power Manager Powerscada Expert With Advanced Reporting And Dashboards +1
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-7546 MEDIUM This Month

A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ecostruxure Energy Expert Ecostruxure Power Monitoring Expert Power Manager Powerscada Expert With Advanced Reporting And Dashboards +1
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-7545 HIGH This Week

A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Ecostruxure Energy Expert Ecostruxure Power Monitoring Expert Power Manager +2
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2018-7797 MEDIUM This Month

A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Ecostruxure Energy Expert Ecostruxure Power Monitoring Expert Ecostruxure Power Scada Operation
NVD
CVSS 3.0
6.1
EPSS
0.8%
EPSS 0% CVSS 8.5
HIGH Act Now

CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization.

Deserialization RCE Ecostruxure Power Monitoring Expert +1
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ecostruxure Power Monitoring Expert
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Redirect Ecostruxure Power Monitoring Expert
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Ecostruxure Power Monitoring Expert +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ecostruxure Power Monitoring Expert
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ecostruxure Energy Expert Ecostruxure Power Monitoring Expert +3
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ecostruxure Energy Expert Ecostruxure Power Monitoring Expert +3
NVD
EPSS 2% CVSS 7.2
HIGH This Week

A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Ecostruxure Energy Expert +4
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Ecostruxure Energy Expert Ecostruxure Power Monitoring Expert +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy