CVE-2018-7246

🗓️ 18 Apr 2018 20:00:00Reported by schneiderType

cve🔗 web.nvd.nist.gov👁 51 Views🌐 WEB

Cleartext transmission vulnerability in Schneider Electric's 66074 MGE Network Management Card Transvers

Reporter	Title	Published	Views	Family All 6
CNVD	Schneider Electric MGE UPS and MGE STS 66074 MGE Network Management Card Transverse Sensitive Information Vulnerability (CNVD-2018-11132)	10 May 201800:00	–	cnvd
Cvelist	CVE-2018-7246	18 Apr 201820:00	–	cvelist
EUVD	EUVD-2018-18985	7 Oct 202500:30	–	euvd
NVD	CVE-2018-7246	18 Apr 201820:29	–	nvd
Prion	Design/Logic Flaw	18 Apr 201820:29	–	prion
Positive Technologies	PT-2018-38: Information Disclosure in APC Uninterrupted Power Supplies	20 Feb 201600:00	–	ptsecurity

NVD

Node

schneider-electric 66074_mge_network_management_card_transverseMatch-

AND

schneider-electric mge_comet_upsMatch-

schneider-electric mge_eps_6000Match-

schneider-electric mge_eps_7000Match-

schneider-electric mge_eps_8000Match-

schneider-electric mge_galaxy_3000Match-

schneider-electric mge_galaxy_4000Match-

schneider-electric mge_galaxy_5000Match-

schneider-electric mge_galaxy_6000Match-

schneider-electric mge_galaxy_9000Match-

schneider-electric mge_galaxy_pwMatch-

[
  {
    "product": "66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS",
    "vendor": "Schneider Electric SE",
    "versions": [
      {
        "status": "affected",
        "version": "MGE Network Management Card Transverse, part number: SF66074. All card versions affected, when installed in following products: MGE Galaxy 5000, MGE Galaxy 6000, MGE Galaxy 9000, MGE EPS 7000, MGE EPS 8000, MGE EPS 6000, MGE Comet UPS, MGE Galaxy PW, MGE Galaxy 3000, MGE Galaxy 4000"
      }
    ]
  }
]

Source	Link
schneider-electric	www.schneider-electric.com/en/download/document/SEVD-2018-074-01/

Parameter	Position	Path	Description	CWE
username	path	/ups/pas_cont.htm	Cleartext transmission vulnerability due to lack of SSL when accessing the Access Control page, exposing credentials in transit.	CWE-319
password	path	/ups/pas_cont.htm	Cleartext transmission vulnerability due to lack of SSL when accessing the Access Control page, exposing credentials in transit.	CWE-319

21 Nov 2024 04:11Current

9.2High risk

Vulners AI Score9.2

CVSS 25

CVSS 39.8

EPSS0.00151