CVE-2018-7234

Published: Mar 9, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of SSL certificate.

Affected (20)

Products: Schneider Electric: Mps110 1 Firmware, Imps110 1er Firmware, Ibps110 1er Firmware, Imp1110 1 Firmware, Imp1110 1e Firmware, Imp1110 1er Firmware, Ibp1110 1er Firmware, Imp219 1 Firmware, Imp219 1e Firmware, Imp219 1er Firmware, Ibp219 1er Firmware, Imp319 1 Firmware, Imp319 1e Firmware, Ibp319 1er Firmware, Imp519 1 Firmware, Imp319 1er Firmware, Imp519 1e Firmware, Imp519 1er Firmware, Ibp519 1er Firmware, Imps110 1e Firmware

20 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Mps110 1 Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Mps110 1	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imps110 1er Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imps110 1er	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Ibps110 1er Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Ibps110 1er	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp1110 1 Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imp1110 1	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp1110 1e Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imp1110 1e	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp1110 1er Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imp1110 1er	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Ibp1110 1er Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Ibp1110 1er	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp219 1 Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imp219 1	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp219 1e Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imp219 1e	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp219 1er Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imp219 1er	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Ibp219 1er Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Ibp219 1er	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp319 1 Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imp319 1	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp319 1e Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imp319 1e	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Ibp319 1er Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Ibp319 1er	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp519 1 Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imp519 1	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp319 1er Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imp319 1er	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp519 1e Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imp519 1e	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp519 1er Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imp519 1er	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Ibp519 1er Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Ibp519 1er	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imps110 1e Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imps110 1e	All versions

Related CWEs

CWE-295

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (2)

https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/

Source: cybersecurity@se.com

PatchVendor Advisory

https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.