CNNVD-202508-2252 Information
CNNVD ID
CNNVD-202508-2252
Related CVE
- CNNVD Published: 2025-08-20
Description (Chinese)
Schneider Electric EcoStruxure Power Monitoring Expert和EcoStruxure Power Operation AdvancedReporting and Dashboards Module都是法国施耐德电气(Schneider Electric)公司的产品。Schneider Electric EcoStruxure Power Monitoring Expert是一个用于物联网环境中进行配电监控的设备。EcoStruxure Power Operation AdvancedReporting and Dashboards Module是一个配电网络定制化组件。 Schneider Electric EcoStruxure Power Monitoring Expert和EcoStruxure Power Operation AdvancedReporting and Dashboards Module存在安全漏洞,该漏洞源于路径名限制不当,可能导致未经授权访问敏感文件。
Description (English)
Schneider Electric EcoStruxure Power Monitoring Export and EcoStruxure Power Operations Advanced Reporting and Dashboards Module are products of Schneider Electric, France. Schneider Electric EcoStruxure Power Monitoring Export is a device for electrical distribution monitoring in an object-networked environment. EcoStruxure Power Operation Advanced Reporting and Dashboards Module is a customized component of the distribution network. There is a security loophole in Schneider Electric EcoStruxure Power Monitoring Exchange and EcoStruxure Power Operations Advanced Reporting and Dashboards Modeule, which stems from inappropriate path name restrictions that may lead to unauthorized access to sensitive documents.
Hazard Level
High
Vulnerability Type
路径遍历
Affected Vendor
施耐德电气。
Published
2025-08-20
Last Modified
2026-02-24
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-224-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-224-02.pdf https://nvd.nist.gov/vuln/detail/CVE-2025-54927