CVE-2018-7797

CWE-601 — Open Redirect3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.2%

top 61.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Ecostruxure Energy Expert Schneider-electric Ecostruxure Power Monitoring Expert Schneider-electric Ecostruxure Power Scada Operation

Timeline

PublishedDec 17

Latest updateMay 14

Description

A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a ph…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDschneider-electric/ecostruxure_power_monitoring_expert8.2, 9.0+1

▶NVDschneider-electric/ecostruxure_power_scada_operation8.2, 9.0+1

▶NVDschneider-electric/ecostruxure_energy_expert1.3, 2.0+1

🔴Vulnerability Details

GHSA

GHSA-9p3j-xx7r-8mm9: A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME)↗2022-05-14

▶

CVEList

CVE-2018-7797: A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME)↗2018-12-17

▶