CVE-2018-7245

2018-04-1820:00:00

schneider

www.cve.org

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

64.6%

JSON

An improper authorization vulnerability exists In Schneider Electric’s 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to change UPS control and shutdown parameters or other critical settings without authorization.

CNA Affected

[
  {
    "product": "66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS",
    "vendor": "Schneider Electric SE",
    "versions": [
      {
        "status": "affected",
        "version": "MGE Network Management Card Transverse, part number: SF66074. All card versions affected, when installed in following products: MGE Galaxy 5000, MGE Galaxy 6000, MGE Galaxy 9000, MGE EPS 7000, MGE EPS 8000, MGE EPS 6000, MGE Comet UPS, MGE Galaxy PW, MGE Galaxy 3000, MGE Galaxy 4000"
      }
    ]
  }
]

References

www.schneider-electric.com/en/download/document/SEVD-2018-074-01/