Vulnerability CVE-2018-7797

Vulnerability CVE-2018-7797

Published: 2018-12-17

Description:

A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site.

Type:

CWE-601

(URL Redirection to Untrusted Site ('Open Redirect'))

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5.8/10	4.9/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	None

Affected software
Schneider-electric -> Ecostruxure energy expert
Schneider-electric -> Ecostruxure power monitoring expert
Schneider-electric -> Ecostruxure power scada operation

References:

http://www.securityfocus.com/bid/106277

https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/

Copyright 2024, cxsecurity.com