CVE-2018-7231


A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands because shell metacharacters in the value of 'system.opkg.remove' are not validated.


Published

2018-03-09T23:29:00.547

Last Modified

2024-11-21T04:11:50.157

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

  • Type: Primary
    CWE-20

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | schneider-electric | mps110-1_firmware | < 3.29.67 | Yes |
| Hardware | schneider-electric | mps110-1 | - | No |
| Operating System | schneider-electric | imps110-1er_firmware | < 3.29.67 | Yes |
| Hardware | schneider-electric | imps110-1er | - | No |
| Operating System | schneider-electric | ibps110-1er_firmware | < 3.29.67 | Yes |
| Hardware | schneider-electric | ibps110-1er | - | No |
| Operating System | schneider-electric | imp1110-1_firmware | < 3.29.67 | Yes |
| Hardware | schneider-electric | imp1110-1 | - | No |
| Operating System | schneider-electric | imp1110-1e_firmware | < 3.29.67 | Yes |
| Hardware | schneider-electric | imp1110-1e | - | No |
| Operating System | schneider-electric | imp1110-1er_firmware | < 3.29.67 | Yes |
| Hardware | schneider-electric | imp1110-1er | - | No |
| Operating System | schneider-electric | ibp1110-1er_firmware | < 3.29.67 | Yes |
| Hardware | schneider-electric | ibp1110-1er | - | No |
| Operating System | schneider-electric | imp219-1_firmware | < 3.29.67 | Yes |
| Hardware | schneider-electric | imp219-1 | - | No |
| Operating System | schneider-electric | imp219-1e_firmware | < 3.29.67 | Yes |
| Hardware | schneider-electric | imp219-1e | - | No |
| Operating System | schneider-electric | imp219-1er_firmware | < 3.29.67 | Yes |
| Hardware | schneider-electric | imp219-1er | - | No |
| Operating System | schneider-electric | ibp219-1er_firmware | < 3.29.67 | Yes |
| Hardware | schneider-electric | ibp219-1er | - | No |
| Operating System | schneider-electric | imp319-1_firmware | < 3.29.67 | Yes |
| Hardware | schneider-electric | imp319-1 | - | No |
| Operating System | schneider-electric | imp319-1e_firmware | < 3.29.67 | Yes |
| Hardware | schneider-electric | imp319-1e | - | No |
| Operating System | schneider-electric | ibp319-1er_firmware | < 3.29.67 | Yes |
| Hardware | schneider-electric | ibp319-1er | - | No |
| Operating System | schneider-electric | imp519-1_firmware | < 3.29.67 | Yes |
| Hardware | schneider-electric | imp519-1 | - | No |
| Operating System | schneider-electric | imp319-1er_firmware | < 3.29.67 | Yes |
| Hardware | schneider-electric | imp319-1er | - | No |
| Operating System | schneider-electric | imp519-1e_firmware | < 3.29.67 | Yes |
| Hardware | schneider-electric | imp519-1e | - | No |
| Operating System | schneider-electric | imp519-1er_firmware | < 3.29.67 | Yes |
| Hardware | schneider-electric | imp519-1er | - | No |
| Operating System | schneider-electric | ibp519-1er_firmware | < 3.29.67 | Yes |
| Hardware | schneider-electric | ibp519-1er | - | No |
| Operating System | schneider-electric | imps110-1e_firmware | < 3.29.67 | Yes |
| Hardware | schneider-electric | imps110-1e | - | No |

References