CVE-2018-7795 Vulnerability Details

  /     /     /  

CVE-2018-7795 Metadata Quick Info

CVE Published: 29/08/2018 | CVE Updated: 16/09/2024 | CVE Year: 2018
Source: schneider | Vendor: Schneider Electric SE | Product: PowerLogic - PM5560 prior to FW version 2.5.4
Status : PUBLISHED

---

CVE-2018-7795 Description

A Cross Protocol Injection vulnerability exists in Schneider Electric\'s PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Cross Protocol Injection
Source: Schneider Electric SE

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).