CVSS: 8.7 | EPSS: 0% | CPEs: 6 | EXPL: 0

18 Aug 2025 — CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific crafted FTP command is sent to the device. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-224-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-224-05.pdf • CWE-20: Improper Input Validation

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

11 Jul 2025 — CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources to the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML diagrams. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-189-04.pdf • CWE-668: Exposure of Resource to Wrong Sphere

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

10 Jul 2025 — CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access when the server is accessed via the network using an application account. • https://packetstorm.news/files/id/206242 • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

10 Jul 2025 — CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created over the web interface HTTP when enabled. HTTP is disabled by default. • https://packetstorm.news/files/id/206243 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 8.9 | EPSS: 0% | CPEs: 1 | EXPL: 1

10 Jul 2025 — CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the password generation algorithm is reverse engineered with access to installation or upgrade artifacts. • https://packetstorm.news/files/id/206244 • CWE-331: Insufficient Entropy

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 1

10 Jul 2025 — CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote command execution by a privileged account when the server is accessed via a console and through exploitation of the hostname input. • https://packetstorm.news/files/id/206245 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 1

10 Jul 2025 — CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation when the server is accessed by a privileged account via a console and through exploitation of a setup script. • https://packetstorm.news/files/id/206246 • CWE-269: Improper Privilege Management

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 1

10 Jul 2025 — CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthenticated remote code execution when the server is accessed via the network with knowledge of hidden URLs and manipulation of host request header. • https://packetstorm.news/files/id/206247 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 5.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

10 Jun 2025 — CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-161-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-161-02.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

10 Jun 2025 — CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-161-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-161-02.pdf • CWE-20: Improper Input Validation