CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-5985
https://notcve.org/view.php?id=CVE-2023-5985
A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability exists that could cause compromise of a user’s browser when an attacker with admin privileges has modified system values. Existe una vulnerabilidad CWE-79: Neutralización Inadecuada de la Entrada Durante la Generación de Páginas Web que podría comprometer el navegador de un usuario cuando un atacante con privilegios de administrador ha modificado los valores del sistema. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-01.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2023-5984
https://notcve.org/view.php?id=CVE-2023-5984
A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could result in full control over the device. Existe una vulnerabilidad CWE-494: Descarga de Código Sin Verificación de Integridad que podría permitir que se cargue firmware modificado cuando un usuario administrador autorizado comienza un procedimiento de actualización de firmware. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-01.pdf • CWE-494: Download of Code Without Integrity Check •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-46680
https://notcve.org/view.php?id=CVE-2022-46680
A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network traffic. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-03.pdf • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2021-22713
https://notcve.org/view.php?id=CVE-2021-22713
A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 (see security notifcation for affected versions), which could cause the meter to reboot. A CWE-119: se presenta vulnerabilidad de Restricción Inapropiada de Operaciones dentro de los Límites de un Búfer de la Memoria en PowerLogic ION8650, ION8800, ION7650, ION7700 /73xx e ION83xx /84xx/85xx /8600 (consulte la notificación de seguridad para las versiones afectadas), lo que podría causar al medidor reiniciarse • https://www.se.com/ww/en/download/document/SEVD-2021-068-03 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.5EPSS: 0%CPEs: 21EXPL: 0CVE-2021-22701
https://notcve.org/view.php?id=CVE-2021-22701
A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface. Una CWE-352: Se presenta una vulnerabilidad de tipo Cross-Site Request Forgery en PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 y PM800 (consulte la notificación para las versiones afectadas), que podría causar que un usuario lleve a cabo una acción no deseada en el dispositivo de destino cuando se usa la interfaz web HTTP • https://www.se.com/ww/en/download/document/SEVD-2021-040-01 • CWE-352: Cross-Site Request Forgery (CSRF) •