Cross Protocol Injection Vulnerability in Schneider Electric's PowerLogic PM5560 (FW version < 2.5.4) Allows Cross-Site Scripting Attack

CVE-2018-7795 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code.

Learn more about our Web App Pen Testing.