CVE-2018-7797
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site.
Existe una vulnerabilidad de redirección de URL en Power Monitoring Expert, Energy Expert (anteriormente Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (todas las ediciones), EcoStruxure Energy Expert 1.3 (anteriormente Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0 y EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module, lo que podrÃa provocar un ataque de phishing cuando se redirecciona a un sitio malicioso.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-03-08 CVE Reserved
- 2018-12-17 CVE Published
- 2024-05-09 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/106277 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01 | 2019-02-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Schneider-electric Search vendor "Schneider-electric" | Ecostruxure Energy Expert Search vendor "Schneider-electric" for product "Ecostruxure Energy Expert" | 1.3 Search vendor "Schneider-electric" for product "Ecostruxure Energy Expert" and version "1.3" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Ecostruxure Energy Expert Search vendor "Schneider-electric" for product "Ecostruxure Energy Expert" | 2.0 Search vendor "Schneider-electric" for product "Ecostruxure Energy Expert" and version "2.0" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Ecostruxure Power Monitoring Expert Search vendor "Schneider-electric" for product "Ecostruxure Power Monitoring Expert" | 8.2 Search vendor "Schneider-electric" for product "Ecostruxure Power Monitoring Expert" and version "8.2" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Ecostruxure Power Monitoring Expert Search vendor "Schneider-electric" for product "Ecostruxure Power Monitoring Expert" | 9.0 Search vendor "Schneider-electric" for product "Ecostruxure Power Monitoring Expert" and version "9.0" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Ecostruxure Power Scada Operation Search vendor "Schneider-electric" for product "Ecostruxure Power Scada Operation" | 8.2 Search vendor "Schneider-electric" for product "Ecostruxure Power Scada Operation" and version "8.2" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Ecostruxure Power Scada Operation Search vendor "Schneider-electric" for product "Ecostruxure Power Scada Operation" | 9.0 Search vendor "Schneider-electric" for product "Ecostruxure Power Scada Operation" and version "9.0" | - |
Affected
| ||||||