CVE-2025-7746_CVE-2025-7746

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

Description

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause an unvalidated data injected by a malicious user potentially leading to modify or read data in a victim’s browser.

Basic Information

ID CVE-2025-7746

Source schneider

Published Sep 9, 2025 at 21:02

Affected Product

Vendor Schneider Electric

Product ATV630/650/660/680/6A0/6B0/6L0 Altivar Process Drives

Version all versions

Affected Versions Schneider Electric ATV630/650/660/680/6A0/6B0/6L0 Altivar Process Drives all versions
Schneider Electric ATV930/950/955/960/980/9A0/9B0/9L0/991/992/993 Altivar Process Drives all versions
Schneider Electric ILC992 InterLink Converter all versions
Schneider Electric ATV340E Altivar Machine Drives all versions
Schneider Electric ATV6000 Medium Voltage Altivar Process Drives all versions
Schneider Electric ATS490 Altivar Soft Starter all versions
Schneider Electric VW3A3720 & VW3A3721 Altivar Process Communication Modules all versions
Schneider Electric VW3A3530D: ATVdPAC module all versions

CWE Classification

CWE-79

References

download.schneider-electric.com /files

{
    "lastseen": "",
    "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause an unvalidated data injected by a malicious user potentially leading to modify or read data in a victim\u2019s browser.",
    "published": "2025-09-09T21:02:08.936Z",
    "modified": "2025-09-09T21:02:08.936Z",
    "type": "cve",
    "title": "CVE-2025-7746",
    "source": "schneider",
    "references": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-252-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-252-01.pdf",
    "id": "CVE-2025-7746",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Schneider Electric ATV630/650/660/680/6A0/6B0/6L0 Altivar Process Drives all versions\nSchneider Electric ATV930/950/955/960/980/9A0/9B0/9L0/991/992/993 Altivar Process Drives all versions\nSchneider Electric ILC992 InterLink Converter all versions\nSchneider Electric ATV340E Altivar Machine Drives all versions\nSchneider Electric ATV6000 Medium Voltage Altivar Process Drives all versions\nSchneider Electric ATS490 Altivar Soft Starter all versions\nSchneider Electric VW3A3720 & VW3A3721 Altivar Process Communication Modules all versions\nSchneider Electric VW3A3530D: ATVdPAC module all versions",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ATV630/650/660/680/6A0/6B0/6L0 Altivar Process Drives",
    "version": "all versions",
    "vendor": "Schneider Electric",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}