Vulnerability Monitor

CVE-2018-7797


A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module, which could allow a phishing attack in which a user is redirected to a malicious site.


Published

2018-12-17T22:29:00.220

Last Modified

2024-11-21T04:12:45.220

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

Exploitability Score

8.6

Impact Score

4.9

Weaknesses

  • Type: Primary
    CWE-601

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | schneider-electric | ecostruxure_energy_expert | 1.3 | Yes |
| Application | schneider-electric | ecostruxure_energy_expert | 2.0 | Yes |
| Application | schneider-electric | ecostruxure_power_monitoring_expert | 8.2 | Yes |
| Application | schneider-electric | ecostruxure_power_monitoring_expert | 9.0 | Yes |
| Application | schneider-electric | ecostruxure_power_scada_operation | 8.2 | Yes |
| Application | schneider-electric | ecostruxure_power_scada_operation | 9.0 | Yes |