CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-7795

A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.9%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

http://www.securityfocus.com/bid/105170
https://ics-cert.us-cert.gov/advisories/ICSA-18-240-03
https://www.schneider-electric.com/en/download/document/SEVD-2018-228-01/
http://www.securityfocus.com/bid/105170
https://ics-cert.us-cert.gov/advisories/ICSA-18-240-03
https://www.schneider-electric.com/en/download/document/SEVD-2018-228-01/

Products affected by CVE-2018-7795

Schneider-Electric » Powerlogic Pm5560 » Version: N/A

cpe:2.3:h:schneider-electric:powerlogic_pm5560:-
Schneider-Electric » Powerlogic Pm5560 Firmware » Version: N/A

cpe:2.3:o:schneider-electric:powerlogic_pm5560_firmware:-
Schneider-Electric » Powerlogic Pm5560 Firmware » Version: 1.0

cpe:2.3:o:schneider-electric:powerlogic_pm5560_firmware:1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-7795

Products

Pricing

Contact Us