VDB
SEVD-2022-347-03
SEVD-2022-347-03
PUBLISHED
CVSS 7.800000190734863 HIGH
Schneider Electric is aware of multiple vulnerabilities in its EcoStruxure Power Commission software product. The EcoStruxure Power Commission software is an intelligent software that helps you easily set up, test, and commission the electrical products and systems in your switchboards. Failure to apply the remediations provided below may risk unauthorized access to application and information disclosure, which could result in loss of data integrity and confidentiality.
Risk Scores
CVSS v3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric EcoStruxure Power Commission version prior to 2.25 | ||
| Schneider Electric EcoStruxure Power Commission version 2.26 |
Timeline
- Dec 13, 2022 CVE Published
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-347-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-347-03_EcoStruxure_Power_Commission_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-347-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2022-347-03.json advisory
- https://www.se.com/us/en/download/document/7EN52-0390/ url
- https://www.se.com/ww/en/product-range/62980-ecostruxure-power-commission/#software-and-firmware fix