Vulnerability Description
A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Powerlogic Pm5560 Firmware | < 2.5.4 |
| Schneider-Electric | Powerlogic Pm5560 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105170Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-240-03MitigationThird Party AdvisoryUS Government Resource
- https://www.schneider-electric.com/en/download/document/SEVD-2018-228-01/MitigationVendor Advisory
- http://www.securityfocus.com/bid/105170Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-240-03MitigationThird Party AdvisoryUS Government Resource
- https://www.schneider-electric.com/en/download/document/SEVD-2018-228-01/MitigationVendor Advisory
FAQ
What is CVE-2018-7795?
CVE-2018-7795 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to cross site scripting a...
How severe is CVE-2018-7795?
CVE-2018-7795 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-7795?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Powerlogic Pm5560 Firmware, Schneider-Electric Powerlogic Pm5560.