
Schneider Electric released a fix for a cross-site scripting vulnerability in its PowerLogic PM5560, according to a report from NCCIC.

Successful exploitation of this remotely exploitable vulnerability could allow an attacker to manipulate user input, leading to remote code execution.

All versions of the PowerLogic PM5560, a power management system, prior to firmware Version 2.5.4 suffer from the issue, which was discovered by Ezequiel Fernandez and Bertin Jose, who worked with Schneider Electric on the vulnerability.

The PowerLogic PM5560 is susceptible to a cross-site scripting attack on its web browser. An attacker may be able to manipulate inputs to cause execution of JavaScript code.

CVE-2018-7795 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.2.

The product is used mainly in the energy sector and is deployed on a global basis.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

Schneider Electric has released a fix to address this vulnerability.

For more information see the Schneider Electric security notification.
