CVE-2018-7795

Name of the Vulnerable Software and Affected Versions Schneider Electric PowerLogic PM5560 versions prior to 2.5.4

Description A Cross Protocol Injection issue exists, making the product susceptible to cross-site scripting attacks on its web browser. User inputs can be manipulated to cause the execution of JavaScript code. The vulnerability is related to insufficient protection of the web page structure, which could allow a remote attacker to execute arbitrary code.

Recommendations For versions prior to 2.5.4, update to version 2.5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface of the PowerLogic PM5560 to minimize the risk of exploitation. Avoid using the web browser interface for sensitive operations until the issue is resolved.