CVE-2018-7246

Published: Apr 18, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to discover an administrative account. If default on device, it is not using a SSL in settings and if multiple request of the page "Access Control" (IP-address device/ups/pas_cont.htm) account data will be sent in cleartext

Affected (1)

Products: Schneider Electric: 66074 Mge Network Management Card Transverse

Schneider Electric

1 product

66074 Mge Network Management Card Transverse

Configuration A

1 vulnerable · 10 platform

Vulnerable Software	Affected Versions
Schneider Electric 66074 Mge Network Management Card Transverse	All versions

Running on/with	Platform Versions
Schneider Electric Mge Comet Ups	All versions
Schneider Electric Mge Eps 6000	All versions
Schneider Electric Mge Eps 7000	All versions
Schneider Electric Mge Eps 8000	All versions
Schneider Electric Mge Galaxy 3000	All versions
Schneider Electric Mge Galaxy 4000	All versions
Schneider Electric Mge Galaxy 5000	All versions
Schneider Electric Mge Galaxy 6000	All versions
Schneider Electric Mge Galaxy 9000	All versions
Schneider Electric Mge Galaxy Pw	All versions

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (2)

https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/

Source: cybersecurity@se.com

MitigationVendor Advisory

https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.