A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/105170 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-18-240-03 | Mitigation Third Party Advisory US Government Resource |
https://www.schneider-electric.com/en/download/document/SEVD-2018-228-01/ | Mitigation Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: schneider
Published: 2018-08-15T00:00:00
Updated: 2018-08-30T19:57:02
Reserved: 2018-03-08T00:00:00
Link: CVE-2018-7795
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-08-29T20:29:00.437
Modified: 2018-11-07T19:09:10.790
Link: CVE-2018-7795
JSON object: View
Redhat Information
No data.
CWE