CVE-2018-7795

EUVD-2018-19507
A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
Affected Products (NVD)
VendorProductVersion
schneider-electricpowerlogic_pm5560_firmware
𝑥
< 2.5.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/105170
https://ics-cert.us-cert.gov/advisories/ICSA-18-240-03
https://www.schneider-electric.com/en/download/document/SEVD-2018-228-01/
http://www.securityfocus.com/bid/105170
https://ics-cert.us-cert.gov/advisories/ICSA-18-240-03
https://www.schneider-electric.com/en/download/document/SEVD-2018-228-01/