Schneider Fixes XSS Vulnerability
Wednesday, June 22, 2016 @ 02:06 PM gHale
Schneider Electric created a firmware update to mitigate a cross-site scripting (XSS) vulnerability in its PowerLogic PM8ECC communications add-on module for the Series 800 PowerMeter, according to a report with ICS-CERT.
PowerLogic PM8ECC firmware versions prior to Version 2.651 suffer from the remotely exploitable vulnerability.
Schneider Electric’s corporate headquarters is located in Paris, France, and it maintains offices in more than 100 countries worldwide.
PowerLogic PM8ECC is a communications add-on module for the Series 800 PowerMeter. PowerLogic PM8ECC sees action in the commercial facilities sector. Schneider Electric said the product sees use on a global basis.
CVE-2016-4513 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.1.
No known public exploits specifically target this vulnerability. However, an attacker with low skill would be able to exploit this vulnerability.
Click here for the PowerLogic PM8ECC firmware Version 2.65.