URL Redirection Vulnerability in Schneider Electric's Power Monitoring Expert and Energy Expert
CVE-2018-7797

6.1MEDIUM

Key Information:

Vendor
Schneider Electric
Status
Power Monitoring Expert, Energy Expert (formerly Power Manager) - Ecostruxureª Power Monitoring Expert (pme) V8.2 (all Editions), Ecostruxureª Energy Expert 1.3 (formerly Power Manager), Ecostruxureª Power Scada Operation (pso) 8.2 Advanced Reports And Dashboards Module, Ecostruxureª Power Monitoring Expert (pme) V9.0, Ecostruxureª Energy Expert V2.0, And Ecostruxureªpower Scada Operation (pso) 9.0 Advanced Reports And Dashboards Module
Vendor
CVE Published:
17 December 2018

Summary

A URL redirection vulnerability found in multiple versions of Schneider Electric's Power Monitoring Expert and Energy Expert allows attackers to direct users to malicious websites. This risk can result in phishing attacks, posing significant threats to user credentials and data security.

Affected Version(s)

Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxureª Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxureª Energy Expert 1.3 (formerly Power Manager), EcoStruxureª Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxureª Power Monitoring Expert (PME) v9.0, EcoStruxureª Energy Expert v2.0, and EcoStruxureªPower SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module EcoStruxure&#xaa

Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxureª Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxureª Energy Expert 1.3 (formerly Power Manager), EcoStruxureª Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxureª Power Monitoring Expert (PME) v9.0, EcoStruxureª Energy Expert v2.0, and EcoStruxureªPower SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure&#xaa

Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxureª Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxureª Energy Expert 1.3 (formerly Power Manager), EcoStruxureª Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxureª Power Monitoring Expert (PME) v9.0, EcoStruxureª Energy Expert v2.0, and EcoStruxureªPower SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module Energy Expert 1.3 (formerly Power Manager), EcoStruxure&#xaa

References

http://www.securityfocus.com/bid/106277
vdb-entryx_refsource_BID
https://www.schneider-electric.com/en/download/document/S...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.