Vulnerability Description
A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Ecostruxure Energy Expert | 1.3 |
| Schneider-Electric | Ecostruxure Power Monitoring Expert | 8.2 |
| Schneider-Electric | Ecostruxure Power Scada Operation | 8.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106277Third Party AdvisoryVDB Entry
- https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/Vendor Advisory
- http://www.securityfocus.com/bid/106277Third Party AdvisoryVDB Entry
- https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/Vendor Advisory
FAQ
What is CVE-2018-7797?
CVE-2018-7797 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3...
How severe is CVE-2018-7797?
CVE-2018-7797 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-7797?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Ecostruxure Energy Expert, Schneider-Electric Ecostruxure Power Monitoring Expert, Schneider-Electric Ecostruxure Power Scada Operation.