CVE-2018-7795

Summary

A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code.

Affected Software

VendorProductVersion RangeStatus
Schneider Electric SEPowerLogic - PM5560 prior to FW version 2.5.4PowerLogic - PM5560 prior to FW version 2.5.4affected

Weaknesses

  • Cross Protocol Injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References