schneider-electric ecostruxure-energy-expert CVE-2018-7797 vulnerability in Schneider Electric Products
Published on December 17, 2018

A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site.

NVD


Products Associated with CVE-2018-7797

Want to know whenever a new CVE is published for Schneider Electric products? stack.watch will email you.

Schneider Electric Ecostruxure Energy Expert
 
Schneider Electric Ecostruxure Power Monitoring Expert
 
Schneider Electric Ecostruxure Power Scada Operation
 

Affected Versions

Schneider Electric SE Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxureª Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxureª Energy Expert 1.3 (formerly Power Manager), EcoStruxureª Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxureª Power Monitoring Expert (PME) v9.0, EcoStruxureª Energy Expert v2.0, and EcoStruxureªPower SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module:

Exploit Probability

EPSS
0.17%
Percentile
38.54%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.