CVE-2018-7237

Published: Mar 9, 2018Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow a remote attacker to delete arbitrary system file due to lack of validation of the /login/bin/set_param to the file name with the value of 'system.delete.sd_file'

Affected (20)

Products: Schneider Electric: Mps110 1 Firmware, Imps110 1er Firmware, Ibps110 1er Firmware, Imp1110 1 Firmware, Imp1110 1e Firmware, Imp1110 1er Firmware, Ibp1110 1er Firmware, Imp219 1 Firmware, Imp219 1e Firmware, Imp219 1er Firmware, Ibp219 1er Firmware, Imp319 1 Firmware, Imp319 1e Firmware, Ibp319 1er Firmware, Imp519 1 Firmware, Imp319 1er Firmware, Imp519 1e Firmware, Imp519 1er Firmware, Ibp519 1er Firmware, Imps110 1e Firmware

20 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Mps110 1 Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Mps110 1	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imps110 1er Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imps110 1er	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Ibps110 1er Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Ibps110 1er	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp1110 1 Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imp1110 1	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp1110 1e Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imp1110 1e	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp1110 1er Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imp1110 1er	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Ibp1110 1er Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Ibp1110 1er	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp219 1 Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imp219 1	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp219 1e Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imp219 1e	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp219 1er Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imp219 1er	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Ibp219 1er Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Ibp219 1er	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp319 1 Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imp319 1	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp319 1e Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imp319 1e	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Ibp319 1er Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Ibp319 1er	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp519 1 Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imp519 1	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp319 1er Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imp319 1er	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp519 1e Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imp519 1e	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp519 1er Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imp519 1er	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Ibp519 1er Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Ibp519 1er	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imps110 1e Firmware	Before 3.29.67

Running on/with	Platform Versions
Schneider Electric Imps110 1e	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/

Source: cybersecurity@se.com

PatchVendor Advisory

https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.