CVE Vulnerability

CVE-2018-7795

A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

6.1 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://www.schneider-electric.com/en/download/document/SEVD-2018-228-01/ Mitigation Vendor Advisory
http://www.securityfocus.com/bid/105170 Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-240-03 Mitigation Third Party Advisory
Configurations

Configuration 1
Information

Published : 2018-08-29 08:29

Updated : 2018-11-07 07:09

NVD link : CVE-2018-7795

Mitre link : CVE-2018-7795

Products Affected
No products.
CWE
CWE-79