CVE-2018-7795 in PowerLogic PM5560

Summary

by MITRE

A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to a cross-site scripting attack on its web browser. User inputs can be manipulated to cause execution of JavaScript code.

Analysis

by VulDB Data Team • 05/29/2026

The vulnerability identified as CVE-2018-7795 represents a critical cross protocol injection flaw within Schneider Electric's PowerLogic PM5560 device firmware prior to version 2.5.4. This weakness specifically affects the web-based interface of the power monitoring equipment, creating a pathway for malicious actors to exploit cross-site scripting attacks through manipulated user inputs. The vulnerability stems from insufficient input validation and sanitization mechanisms within the device's web server implementation, allowing attackers to inject malicious JavaScript code that executes within the context of authenticated user sessions.

The technical nature of this flaw aligns with CWE-93, which describes improper neutralization of CRLF (Carriage Return Line Feed) sequences that could be used for protocol smuggling, and CWE-79, which covers cross-site scripting vulnerabilities. The vulnerability operates through the device's web interface where user-provided data is not properly sanitized before being rendered back to the browser, creating an environment where malicious payloads can be executed in the victim's browser context. Attackers can leverage this weakness to perform session hijacking, steal sensitive information, or redirect users to malicious websites.

Operationally, this vulnerability poses significant risks to industrial control systems and power management environments where the PM5560 devices are deployed. The attack surface extends beyond simple data theft to potentially enable more sophisticated attacks including privilege escalation and lateral movement within network segments. The web interface exposure creates a direct attack vector for threat actors who may attempt to compromise the device's configuration settings or manipulate real-time power monitoring data, potentially leading to operational disruptions or safety hazards in critical infrastructure environments. The vulnerability's impact is amplified by the fact that the affected devices are commonly used in industrial settings where network segmentation may be limited.

Mitigation strategies for CVE-2018-7795 should prioritize immediate firmware updates to version 2.5.4 or later, which contain proper input validation and sanitization measures. Network segmentation should be implemented to isolate these devices from general network traffic, and access controls should be strictly enforced through multi-factor authentication and role-based access policies. Regular security assessments and penetration testing should be conducted to identify similar vulnerabilities in other industrial control system components. The implementation of web application firewalls and network monitoring solutions can help detect and prevent exploitation attempts. Additionally, security awareness training for personnel managing these devices should emphasize the importance of patch management and secure configuration practices. Organizations should also consider implementing continuous monitoring solutions that can detect anomalous behavior patterns indicative of exploitation attempts, aligning with ATT&CK framework techniques related to credential access and defense evasion.
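As a sketch of the monitoring described above, the following added example (not code from Schneider Electric or VulDB) scans web access-log lines for the two patterns the analysis names: CRLF sequences (CWE-93) and script markup (CWE-79) in request parameters, including double-encoded forms. The log format, paths, parameter names and addresses are constructed for illustration; the PM5560's real URL layout is not given on this page.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample lines (documentation addresses, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 "GET /readings?meter=1&range=24h HTTP/1.1" 200',
    '192.0.2.44 "GET /settings?label=Main%0d%0aX-Test:%201 HTTP/1.1" 200',
    '192.0.2.44 "GET /settings?label=%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1" 200',
]

# Assumed log layout: source address, then the quoted request line.
REQUEST_RE = re.compile(r'^(\S+) "(\S+) (\S+) [^"]*"')
SCRIPT_RE = re.compile(r"<\s*script\b|javascript\s*:|<[^>]+\bon\w+\s*=", re.IGNORECASE)

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%250d) is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def findings_for_target(target):
    """Return sorted (parameter, finding) pairs for one request target."""
    found = set()
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = decode_fully(value)
        if "\r" in value or "\n" in value:
            found.add((name, "crlf"))    # CWE-93 pattern
        if SCRIPT_RE.search(value):
            found.add((name, "script"))  # CWE-79 pattern
    return sorted(found)

def scan(lines):
    """Map each flagged source address to the findings from its requests."""
    alerts = {}
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed layout
        hits = findings_for_target(m.group(3))
        if hits:
            alerts.setdefault(m.group(1), []).extend(hits)
    return alerts

if __name__ == "__main__":
    for src, hits in scan(SAMPLE_LOG).items():
        print(src, hits)
```

Matches are heuristic indicators for triage, not proof of exploitation; firmware 2.5.4 or later remains the fix.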

Reservation: 03/07/2018

Disclosure: 08/29/2018

Moderation: accepted

CPE: ready

EPSS: 0.00311

KEV: no

Activities: very low
