CVE-2018-7797 (GCVE-0-2018-7797)
Vulnerability from cvelistv5
Published
2018-12-17 22:00
Modified
2024-08-05 06:37
Severity ?
CWE
  • URL redirection
Summary
A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site.
References
Impacted products
Vendor Product Version
Schneider Electric SE Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxureª Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxureª Energy Expert 1.3 (formerly Power Manager), EcoStruxureª Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxureª Power Monitoring Expert (PME) v9.0, EcoStruxureª Energy Expert v2.0, and EcoStruxureªPower SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module Version: EcoStruxure&#xaa
Version: Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure&#xaa
Version: Energy Expert 1.3 (formerly Power Manager), EcoStruxure&#xaa
Version: Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure&#xaa
Version: Power Monitoring Expert (PME) v9.0, EcoStruxure&#xaa
Version: Energy Expert v2.0, and EcoStruxure&#xaa
Version: Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:37:59.199Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "106277",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106277"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure\u0026#xaa; Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure\u0026#xaa; Energy Expert 1.3 (formerly Power Manager), EcoStruxure\u0026#xaa; Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure\u0026#xaa; Power Monitoring Expert (PME) v9.0, EcoStruxure\u0026#xaa; Energy Expert v2.0, and EcoStruxure\u0026#xaa;Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module",
          "vendor": "Schneider Electric SE",
          "versions": [
            {
              "status": "affected",
              "version": "EcoStruxure\u0026#xaa"
            },
            {
              "status": "affected",
              "version": "Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure\u0026#xaa"
            },
            {
              "status": "affected",
              "version": "Energy Expert 1.3 (formerly Power Manager), EcoStruxure\u0026#xaa"
            },
            {
              "status": "affected",
              "version": "Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure\u0026#xaa"
            },
            {
              "status": "affected",
              "version": "Power Monitoring Expert (PME) v9.0, EcoStruxure\u0026#xaa"
            },
            {
              "status": "affected",
              "version": "Energy Expert v2.0, and EcoStruxure\u0026#xaa"
            },
            {
              "status": "affected",
              "version": "Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module"
            }
          ]
        }
      ],
      "datePublic": "2018-12-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "URL redirection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-22T10:57:01.000Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "name": "106277",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106277"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2018-7797",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure\u0026#xaa; Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure\u0026#xaa; Energy Expert 1.3 (formerly Power Manager), EcoStruxure\u0026#xaa; Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure\u0026#xaa; Power Monitoring Expert (PME) v9.0, EcoStruxure\u0026#xaa; Energy Expert v2.0, and EcoStruxure\u0026#xaa;Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "EcoStruxure\u0026#xaa"
                          },
                          {
                            "version_value": "Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure\u0026#xaa"
                          },
                          {
                            "version_value": "Energy Expert 1.3 (formerly Power Manager), EcoStruxure\u0026#xaa"
                          },
                          {
                            "version_value": "Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure\u0026#xaa"
                          },
                          {
                            "version_value": "Power Monitoring Expert (PME) v9.0, EcoStruxure\u0026#xaa"
                          },
                          {
                            "version_value": "Energy Expert v2.0, and EcoStruxure\u0026#xaa"
                          },
                          {
                            "version_value": "Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Schneider Electric SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "URL redirection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "106277",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106277"
            },
            {
              "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/",
              "refsource": "CONFIRM",
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2018-7797",
    "datePublished": "2018-12-17T22:00:00.000Z",
    "dateReserved": "2018-03-08T00:00:00.000Z",
    "dateUpdated": "2024-08-05T06:37:59.199Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.