High-Severity Flaws Patched in Schneider Electric Products

Schneider Electric has released fixes for a slew of vulnerabilities that can be exploited remotely in two of its industrial control system products.

The two flaws, which exist in Schneider Electric’s power management system, PowerLogic PM5560, and its programmable logic controller, Modicon M221, can be exploited remotely, according to dual advisories released by ICS-CERT on Tuesday.

The PowerLogic PM5560 (in all versions prior to firmware Version 2.5.4) contains a cross-site scripting flaw, CVE-2018-7795. The advisory noted that no exploits for this flaw have been discovered.

Source: ThreatPost