Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-7227

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow retrieving of specially crafted URLs without authentication that can reveal sensitive information to an attacker.

Published

2018-03-09T23:29:00.217

Last Modified

2024-11-21T04:11:49.580

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	schneider-electric	mps110-1_firmware	< 3.29.67	Yes
Hardware	schneider-electric	mps110-1	-	No
Operating System	schneider-electric	imps110-1er_firmware	< 3.29.67	Yes
Hardware	schneider-electric	imps110-1er	-	No
Operating System	schneider-electric	ibps110-1er_firmware	< 3.29.67	Yes
Hardware	schneider-electric	ibps110-1er	-	No
Operating System	schneider-electric	imp1110-1_firmware	< 3.29.67	Yes
Hardware	schneider-electric	imp1110-1	-	No
Operating System	schneider-electric	imp1110-1e_firmware	< 3.29.67	Yes
Hardware	schneider-electric	imp1110-1e	-	No
Operating System	schneider-electric	imp1110-1er_firmware	< 3.29.67	Yes
Hardware	schneider-electric	imp1110-1er	-	No
Operating System	schneider-electric	ibp1110-1er_firmware	< 3.29.67	Yes
Hardware	schneider-electric	ibp1110-1er	-	No
Operating System	schneider-electric	imp219-1_firmware	< 3.29.67	Yes
Hardware	schneider-electric	imp219-1	-	No
Operating System	schneider-electric	imp219-1e_firmware	< 3.29.67	Yes
Hardware	schneider-electric	imp219-1e	-	No
Operating System	schneider-electric	imp219-1er_firmware	< 3.29.67	Yes
Hardware	schneider-electric	imp219-1er	-	No
Operating System	schneider-electric	ibp219-1er_firmware	< 3.29.67	Yes
Hardware	schneider-electric	ibp219-1er	-	No
Operating System	schneider-electric	imp319-1_firmware	< 3.29.67	Yes
Hardware	schneider-electric	imp319-1	-	No
Operating System	schneider-electric	imp319-1e_firmware	< 3.29.67	Yes
Hardware	schneider-electric	imp319-1e	-	No
Operating System	schneider-electric	ibp319-1er_firmware	< 3.29.67	Yes
Hardware	schneider-electric	ibp319-1er	-	No
Operating System	schneider-electric	imp519-1_firmware	< 3.29.67	Yes
Hardware	schneider-electric	imp519-1	-	No
Operating System	schneider-electric	imp319-1er_firmware	< 3.29.67	Yes
Hardware	schneider-electric	imp319-1er	-	No
Operating System	schneider-electric	imp519-1e_firmware	< 3.29.67	Yes
Hardware	schneider-electric	imp519-1e	-	No
Operating System	schneider-electric	imp519-1er_firmware	< 3.29.67	Yes
Hardware	schneider-electric	imp519-1er	-	No
Operating System	schneider-electric	ibp519-1er_firmware	< 3.29.67	Yes
Hardware	schneider-electric	ibp519-1er	-	No
Operating System	schneider-electric	imps110-1e_firmware	< 3.29.67	Yes
Hardware	schneider-electric	imps110-1e	-	No

References

https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/ Patch, Vendor Advisory ([email protected])
https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/ Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)