Ecostruxure poweroperation (epo) - advanced reporting and dashboards module
This hub aggregates every CVE we track for Ecostruxure poweroperation (epo) - advanced reporting and dashboards module, a product in the ics ot iot space. Use it to gauge the current risk picture and drill into individual advisories.
7
CVEs tracked
0
Critical
5
High
0
In CISA KEV
Severity distribution
HIGH5MEDIUM2
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
5
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 7 most recently published vulnerabilities affecting Ecostruxure poweroperation (epo) - advanced reporting and dashboards module.
- CVE-2025-54927CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attackers u...4.9
- CVE-2025-54926CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution when an authenticated attacker with admin privileg...7.2
- CVE-2025-54925CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker configures the application to access a malicious url.7.5
- CVE-2025-54924CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a vulnerable endpoint.7.5
- CVE-2025-54923CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity when authenticated users send crafted data to a network-exp...8.8
- CVE-2023-5987 A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attacke...6.1
- CVE-2023-5986 A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input attackers...8.2
Product normalization is registry-driven with AI assist and human review. How it works