CVE-2018-7797

Published: Dec 17, 2018Modified: Nov 21, 2024

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site.

Affected (6)

Products: Schneider Electric: Ecostruxure Energy Expert, Ecostruxure Power Monitoring Expert, Ecostruxure Power Scada Operation

Schneider Electric

3 products

Ecostruxure Energy Expert

Ecostruxure Power Monitoring Expert

Ecostruxure Power Scada Operation

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Ecostruxure Energy Expert	Version 1.3
Schneider Electric Ecostruxure Energy Expert	Version 2.0
Schneider Electric Ecostruxure Power Monitoring Expert	Version 8.2
Schneider Electric Ecostruxure Power Monitoring Expert	Version 9.0
Schneider Electric Ecostruxure Power Scada Operation	Version 8.2
Schneider Electric Ecostruxure Power Scada Operation	Version 9.0