Vulnerability Details CVE-2018-7278
An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP 2.1 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.1%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2018-7278
-
cpe:2.3:h:rletech:fds-pc-dp:-
-
cpe:2.3:h:rletech:fds-pc:-
-
cpe:2.3:o:rletech:fds-pc-dp_firmware:2.1
-
cpe:2.3:o:rletech:fds-pc_firmware:2.1