CVE-2017-9966

Published: Jan 2, 2018Modified: Nov 21, 2024

7.1

Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

A privilege escalation vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. By replacing certain files, an unauthorized user can obtain system privileges and the inserted code would execute at an elevated privilege level.

Affected (1)

Products: Schneider Electric: Pelco Videoxpert

Schneider Electric

1 product

Pelco Videoxpert

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Pelco Videoxpert	Before 2.1

References (6)

http://www.securityfocus.com/bid/102338

Source: cybersecurity@se.com

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-355-02

Source: cybersecurity@se.com

PatchThird Party AdvisoryUS Government Resource

https://www.schneider-electric.com/en/download/document/SEVD-2017-339-01/

Source: cybersecurity@se.com

http://www.securityfocus.com/bid/102338

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-355-02

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryUS Government Resource

https://www.schneider-electric.com/en/download/document/SEVD-2017-339-01/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.