CVE-2018-7278

Name of the Vulnerable Software and Affected Versions RLE Protocol Converter FDS-PC / FDS-PC-DP version 2.1

Description An issue exists in the web server of the device, where persistent XSS is present, allowing remote attackers to inject malicious JavaScript code. This is achieved through the device's BACnet implementation and is similar to a Cross Protocol Injection with SNMP.

Recommendations For version 2.1, consider disabling the web server functionality until a patch is available to prevent exploitation of the persistent XSS issue. Restrict access to the BACnet implementation to minimize the risk of malicious code injection. Avoid using the device's web interface for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.