PT-2018-2178 · Schneider Electric · Ecostruxure Power Monitoring Expert+2

Published: 2018-12-13 · Updated: 2019-02-11 · CVE-2018-7797

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

EcoStruxure Power Monitoring Expert (PME) versions 8.2 through 9.0
EcoStruxure Energy Expert versions 1.3 through 2.0
EcoStruxure Power SCADA Operation (PSO) versions 8.2 through 9.0 Advanced Reports and Dashboards Module

Description

A URL redirection issue exists that could lead to a phishing attack when users are redirected to a malicious site. The vulnerability is related to insufficient protection of web pages, which could allow a remote attacker to redirect users to an arbitrary URL.

Recommendations

For EcoStruxure Power Monitoring Expert (PME) versions 8.2 through 9.0, update to a version that includes the fix for this issue.
For EcoStruxure Energy Expert versions 1.3 through 2.0, update to a version that includes the fix for this issue.
For EcoStruxure Power SCADA Operation (PSO) versions 8.2 through 9.0 Advanced Reports and Dashboards Module, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the affected web pages to minimize the risk of exploitation.

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

BDU:2019-00131
CVE-2018-7797

Affected Products

Ecostruxure Energy Expert
Ecostruxure Power Monitoring Expert
Ecostruxure Powerscada Operation