CVE-2018-7795

Published: Aug 29, 2018Modified: May 29, 2026

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code.

Affected (1)

Products: Schneider Electric: Powerlogic Pm5560 Firmware

Schneider Electric

1 product

Powerlogic Pm5560 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Powerlogic Pm5560 Firmware	Before 2.5.4

Running on/with	Platform Versions
Schneider Electric Powerlogic Pm5560	All versions

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

http://www.securityfocus.com/bid/105170

Source: cybersecurity@se.com

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-18-240-03

Source: cybersecurity@se.com

MitigationThird Party AdvisoryUS Government Resource

https://www.schneider-electric.com/en/download/document/SEVD-2018-228-01/

Source: cybersecurity@se.com

MitigationVendor Advisory

http://www.securityfocus.com/bid/105170

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-18-240-03

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party AdvisoryUS Government Resource

https://www.schneider-electric.com/en/download/document/SEVD-2018-228-01/

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.