CVE-2018-7782

Published: Jul 3, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text.

Affected (20)

Products: Schneider Electric: Imps110 1 Firmware, Imps110 1e Firmware, Imps110 1er Firmware, Ibps110 1er Firmware, Imp1110 1 Firmware, Imp1110 1e Firmware, Imp1110 1er Firmware, Ibp1110 1er Firmware, Imp219 1 Firmware, Imp219 1e Firmware, Imp219 1er Firmware, Ibp219 1er Firmware, Imp319 1 Firmware, Imp319 1e Firmware, Imp319 1er Firmware, Ibp319 1er Firmware, Imp519 1 Firmware, Imp519 1e Firmware, Imp519 1er Firmware, Ibp519 1er Firmware

20 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imps110 1 Firmware	Before 3.29.69

Running on/with	Platform Versions
Schneider Electric Imps110 1	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imps110 1e Firmware	Before 3.29.69

Running on/with	Platform Versions
Schneider Electric Imps110 1e	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imps110 1er Firmware	Before 3.29.69

Running on/with	Platform Versions
Schneider Electric Imps110 1er	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Ibps110 1er Firmware	Before 3.29.69

Running on/with	Platform Versions
Schneider Electric Ibps110 1er	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp1110 1 Firmware	Before 3.29.69

Running on/with	Platform Versions
Schneider Electric Imp1110 1	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp1110 1e Firmware	Before 3.29.69

Running on/with	Platform Versions
Schneider Electric Imp1110 1e	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp1110 1er Firmware	Before 3.29.69

Running on/with	Platform Versions
Schneider Electric Imp1110 1er	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Ibp1110 1er Firmware	Before 3.29.69

Running on/with	Platform Versions
Schneider Electric Ibp1110 1er	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp219 1 Firmware	Before 3.29.69

Running on/with	Platform Versions
Schneider Electric Imp219 1	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp219 1e Firmware	Before 3.29.69

Running on/with	Platform Versions
Schneider Electric Imp219 1e	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp219 1er Firmware	Before 3.29.69

Running on/with	Platform Versions
Schneider Electric Imp219 1er	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Ibp219 1er Firmware	Before 3.29.69

Running on/with	Platform Versions
Schneider Electric Ibp219 1er	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp319 1 Firmware	Before 3.29.69

Running on/with	Platform Versions
Schneider Electric Imp319 1	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp319 1e Firmware	Before 3.29.69

Running on/with	Platform Versions
Schneider Electric Imp319 1e	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp319 1er Firmware	Before 3.29.69

Running on/with	Platform Versions
Schneider Electric Imp319 1er	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Ibp319 1er Firmware	Before 3.29.69

Running on/with	Platform Versions
Schneider Electric Ibp319 1er	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp519 1 Firmware	Before 3.29.69

Running on/with	Platform Versions
Schneider Electric Imp519 1	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp519 1e Firmware	Before 3.29.69

Running on/with	Platform Versions
Schneider Electric Imp519 1e	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Imp519 1er Firmware	Before 3.29.69

Running on/with	Platform Versions
Schneider Electric Imp519 1er	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Ibp519 1er Firmware	Before 3.29.69

Running on/with	Platform Versions
Schneider Electric Ibp519 1er	All versions

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://www.schneider-electric.com/en/download/document/SEVD-2018-114-01/

Source: cybersecurity@se.com

Vendor Advisory

https://www.schneider-electric.com/en/download/document/SEVD-2018-114-01/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.