XSS in Schneider Electric Ats490 Altivar Soft Starter
CVE-2025-7746
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause an unvalidated data injected by a malicious user potentially leading to modify or read data in a victim’s br…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.004 (31.8th percentile) — read the EPSS interpretation.
Affected products
- Schneider Electric Ats490 Altivar Soft Starter — versions all versions
- Schneider Electric Atv340e Altivar Machine Drives — versions all versions
- Schneider Electric Atv6000 Medium Voltage Altivar Process Drives — versions all versions
- Schneider Electric Atv630/650/660/680/6a0/6b0/6l0 Altivar Process Drives — versions all versions
- Schneider Electric Atv930/950/955/960/980/9a0/9b0/9l0/991/992/993 Altivar Process Drives — versions all versions
- Schneider Electric Ilc992 Interlink Converter — versions all versions
- Schneider Electric Vw3a3530d: Atvdpac Module — versions all versions
- Schneider Electric Vw3a3720 & Vw3a3721 Altivar Process Communication Modules — versions all versions