CVE-2018-7244

Published: Apr 18, 2018Modified: Nov 21, 2024

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An information disclosure vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to obtain sensitive device information if network access was obtained.

Affected (1)

Products: Schneider Electric: 66074 Mge Network Management Card Transverse

Schneider Electric

1 product

66074 Mge Network Management Card Transverse

Configuration A

1 vulnerable · 10 platform

Vulnerable Software	Affected Versions
Schneider Electric 66074 Mge Network Management Card Transverse	All versions

Running on/with	Platform Versions
Schneider Electric Mge Comet Ups	All versions
Schneider Electric Mge Eps 6000	All versions
Schneider Electric Mge Eps 7000	All versions
Schneider Electric Mge Eps 8000	All versions
Schneider Electric Mge Galaxy 3000	All versions
Schneider Electric Mge Galaxy 4000	All versions
Schneider Electric Mge Galaxy 5000	All versions
Schneider Electric Mge Galaxy 6000	All versions
Schneider Electric Mge Galaxy 9000	All versions
Schneider Electric Mge Galaxy Pw	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/

Source: cybersecurity@se.com

Vendor Advisory

https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.