CVE-2025-7746

Summary

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause an unvalidated data injected by a malicious user potentially leading to modify or read data in a victim’s browser.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricATV630/650/660/680/6A0/6B0/6L0 Altivar Process Drivesall versionsaffected
Schneider ElectricATV930/950/955/960/980/9A0/9B0/9L0/991/992/993 Altivar Process Drivesall versionsaffected
Schneider ElectricILC992 InterLink Converterall versionsaffected
Schneider ElectricATV340E Altivar Machine Drivesall versionsaffected
Schneider ElectricATV6000 Medium Voltage Altivar Process Drivesall versionsaffected
Schneider ElectricATS490 Altivar Soft Starterall versionsaffected
Schneider ElectricVW3A3720 & VW3A3721 Altivar Process Communication Modulesall versionsaffected
Schneider ElectricVW3A3530D: ATVdPAC moduleall versions < v25.0affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References