CVE-2018-7243

Published: Apr 18, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An authorization bypass vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to get a full access to device, bypassing the authorization system.

Affected (1)

Products: Schneider Electric: 66074 Mge Network Management Card Transverse

Schneider Electric

1 product

66074 Mge Network Management Card Transverse

Configuration A

1 vulnerable · 10 platform

Vulnerable Software	Affected Versions
Schneider Electric 66074 Mge Network Management Card Transverse	All versions

Running on/with	Platform Versions
Schneider Electric Mge Comet Ups	All versions
Schneider Electric Mge Eps 6000	All versions
Schneider Electric Mge Eps 7000	All versions
Schneider Electric Mge Eps 8000	All versions
Schneider Electric Mge Galaxy 3000	All versions
Schneider Electric Mge Galaxy 4000	All versions
Schneider Electric Mge Galaxy 5000	All versions
Schneider Electric Mge Galaxy 6000	All versions
Schneider Electric Mge Galaxy 9000	All versions
Schneider Electric Mge Galaxy Pw	All versions

References (2)

https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/

Source: cybersecurity@se.com

Vendor Advisory

https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.