CVE-2025-7746
5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
Summary
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause an unvalidated data injected by a malicious user potentially leading to modify or read data in a victim’s browser.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Schneider Electric | ATV630/650/660/680/6A0/6B0/6L0 Altivar Process Drives | all versions | affected |
| Schneider Electric | ATV930/950/955/960/980/9A0/9B0/9L0/991/992/993 Altivar Process Drives | all versions | affected |
| Schneider Electric | ILC992 InterLink Converter | all versions | affected |
| Schneider Electric | ATV340E Altivar Machine Drives | all versions | affected |
| Schneider Electric | ATV6000 Medium Voltage Altivar Process Drives | all versions | affected |
| Schneider Electric | ATS490 Altivar Soft Starter | all versions | affected |
| Schneider Electric | VW3A3720 & VW3A3721 Altivar Process Communication Modules | all versions | affected |
| Schneider Electric | VW3A3530D: ATVdPAC module | all versions < v25.0 | affected |
Weaknesses
- CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.