CVSS: 6.6 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2025-9997
https://notcve.org/view.php?id=CVE-2025-9997
09 Sep 2025 — CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause command injection in BLMon that is executed in the operating system console when in an SSH session. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-252-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-252-02.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS: 6.6 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2025-9996
https://notcve.org/view.php?id=CVE-2025-9996
09 Sep 2025 — CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause the execution of any shell command when executing a netstat command using BLMon Console in an SSH session. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-252-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-252-02.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS: 5.4 • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2025-7746
https://notcve.org/view.php?id=CVE-2025-7746
09 Sep 2025 — CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause unvalidated data to be injected by a malicious user, potentially leading to modification or reading of data in a victim’s browser. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-252-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-252-01.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 8.4 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2025-8453
https://notcve.org/view.php?id=CVE-2025-8453
20 Aug 2025 — CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation and arbitrary code execution when a privileged engineer user with console access modifies a configuration file used by a root-level daemon to execute custom scripts. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-224-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-224-01.pdf • CWE-269: Improper Privilege Management
CVSS: 8.7 • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2025-6625
https://notcve.org/view.php?id=CVE-2025-6625
18 Aug 2025 — CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a specific crafted FTP command is sent to the device. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-224-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-224-05.pdf • CWE-20: Improper Input Validation
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-54923 – Schneider Electric EcoStruxure Power Monitoring Expert GetFilteredSinkProvider Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-54923
12 Aug 2025 — CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity when authenticated users send crafted data to a network-exposed service that performs unsafe deserialization. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-224-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-224-02.pdf • CWE-502: Deserialization of Untrusted Data
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-54924 – Schneider Electric EcoStruxure Power Monitoring Expert GetPagesAsImages Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-54924
12 Aug 2025 — CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a vulnerable endpoint. This vulnerability allows remote attackers to disclose sensitive information on affected... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-224-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-224-02.pdf • CWE-918: Server-Side Request Forgery (SSRF)
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-54925 – Schneider Electric EcoStruxure Power Monitoring Expert ExportDataAsXML Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-54925
12 Aug 2025 — CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker configures the application to access a malicious URL. This vulnerability allows remote attackers to disclose sensitive information on affected installations of S... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-224-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-224-02.pdf • CWE-918: Server-Side Request Forgery (SSRF)
CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-54926 – Schneider Electric EcoStruxure Power Monitoring Expert GetTgmlContent Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-54926
12 Aug 2025 — CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution when an authenticated attacker with admin privileges uploads a malicious file over HTTP which then gets executed. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-224-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-224-02.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-54927 – Schneider Electric EcoStruxure Power Monitoring Expert HttpPostedFile Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-54927
12 Aug 2025 — CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attacker uses a crafted path input that is processed by the system. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-224-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-224-02.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
