CVE-2025-6788
5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources to the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML diagrams.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Schneider Electric | EcoStruxure™ Power Monitoring Expert | 2023 < All | affected |
| Schneider Electric | EcoStruxure™ Power Monitoring Expert | 2023 R2 < All | affected |
| Schneider Electric | EcoStruxure™ Power Monitoring Expert | 2024 < All | affected |
| Schneider Electric | EcoStruxure™ Power Monitoring Expert | 2024 R2 < All | affected |
| Schneider Electric | EcoStruxure™ Power Operation Advanced Reporting and Dashboards Module | 2022 w/ Advanced Reporting Module < All | affected |
| Schneider Electric | EcoStruxure™ Power Operation Advanced Reporting and Dashboards Module | 2024 w/ Advanced Reporting Module < All | affected |
Weaknesses
- CWE-668: CWE-668 Exposure of Resource to Wrong Sphere
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.