First published: Mon Dec 17 2018
A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module, which could lead to a phishing attack when a user is redirected to a malicious site.
Credit: cybersecurity@se.com
Affected Software | Affected Version | How to fix |
---|---|---|
Schneider Electric EcoStruxure Energy Expert | =1.3 | |
Schneider Electric EcoStruxure Energy Expert | =2.0 | |
Schneider Electric EcoStruxure Power Monitoring Expert | =8.2 | |
Schneider Electric EcoStruxure Power Monitoring Expert | =9.0 | |
Schneider Electric EcoStruxure Power SCADA Operation | =8.2 | |
Schneider Electric EcoStruxure Power SCADA Operation | =9.0 | |
CVE-2018-7797 is a URL redirection vulnerability that exists in Power Monitoring Expert, Energy Expert, EcoStruxure Power SCADA Operation, and EcoStruxure Power Monitoring Expert.
CVE-2018-7797 has a severity rating of 6.1 (medium).
CVE-2018-7797 affects EcoStruxure Energy Expert 1.3, EcoStruxure Energy Expert 2.0, EcoStruxure Power Monitoring Expert 8.2, EcoStruxure Power Monitoring Expert 9.0, EcoStruxure Power SCADA Operation 8.2, and EcoStruxure Power SCADA Operation 9.0.
To fix CVE-2018-7797, it is recommended to apply the necessary security patches provided by Schneider Electric or upgrade to the latest version of the affected software.
More information about CVE-2018-7797 can be found at the following references: [SecurityFocus](http://www.securityfocus.com/bid/106277) and [Schneider Electric Advisory](https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/).