{"api_version":"1","generated_at":"2026-05-13T12:21:24+00:00","cve":"CVE-2018-7795","urls":{"html":"https://cve.report/CVE-2018-7795","api":"https://cve.report/api/cve/CVE-2018-7795.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-7795","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-7795"},"summary":{"title":"CVE-2018-7795","description":"A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code.","state":"PUBLIC","assigner":"cybersecurity@schneider-electric.com","published_at":"2018-08-29 20:29:00","updated_at":"2018-11-07 19:09:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2018-228-01/","name":"https://www.schneider-electric.com/en/download/document/SEVD-2018-228-01/","refsource":"CONFIRM","tags":["Mitigation","Vendor Advisory"],"title":"Security Notification – PowerLogic PM5560 | Schneider Electric","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/105170","name":"105170","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Schneider Electric PowerLogic PM5560 CVE-2018-7795 Unspecified Cross Site Scripting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-240-03","name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-240-03","refsource":"MISC","tags":["Mitigation","Third Party Advisory","US Government Resource"],"title":"Schneider Electric PowerLogic PM5560 | ICS-CERT","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-7795","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7795","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"7795","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"schneider-electric","cpe5":"powerlogic_pm5560","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"7795","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"schneider-electric","cpe5":"powerlogic_pm5560","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"7795","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"schneider-electric","cpe5":"powerlogic_pm5560_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"7795","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"schneider-electric","cpe5":"powerlogic_pm5560_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2018-7795","qid":"590482","title":"Schneider Electric PowerLogic PM5560 Cross Protocol Injection Vulnerability(ICSA-18-240-03)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cybersecurity@schneider-electric.com","DATE_PUBLIC":"2018-08-15T00:00:00","ID":"CVE-2018-7795","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"PowerLogic - PM5560 prior to FW version 2.5.4","version":{"version_data":[{"version_value":"PowerLogic - PM5560 prior to FW version 2.5.4"}]}}]},"vendor_name":"Schneider Electric SE"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Cross Protocol Injection"}]}]},"references":{"reference_data":[{"name":"https://www.schneider-electric.com/en/download/document/SEVD-2018-228-01/","refsource":"CONFIRM","url":"https://www.schneider-electric.com/en/download/document/SEVD-2018-228-01/"},{"name":"105170","refsource":"BID","url":"http://www.securityfocus.com/bid/105170"},{"name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-240-03","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-240-03"}]}},"nvd":{"publishedDate":"2018-08-29 20:29:00","lastModifiedDate":"2018-11-07 19:09:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:schneider-electric:powerlogic_pm5560_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.4","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:schneider-electric:powerlogic_pm5560:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"7795","Ordinal":"124109","Title":"CVE-2018-7795","CVE":"CVE-2018-7795","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"7795","Ordinal":"1","NoteData":"A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"7795","Ordinal":"2","NoteData":"2018-08-29","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"7795","Ordinal":"3","NoteData":"2018-08-30","Type":"Other","Title":"Modified"}]}}}