Lucene search

[email protected]NVD:CVE-2018-7236

HistoryMar 09, 2018 - 11:29 p.m.

CVE-2018-7236

2018-03-0923:29:00

CWE-287

[email protected]

web.nvd.nist.gov

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.2%

JSON

A vulnerability exists in Schneider Electric’s Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could enable SSH service due to lack of authentication for /login/bin/set_param could enable SSH service.

Affected configurations

NVD

Node

schneider-electricmps110-1_firmwareRange<3.29.67

AND

schneider-electricmps110-1Match-

Node

schneider-electricimps110-1er_firmwareRange<3.29.67

AND

schneider-electricimps110-1erMatch-

Node

schneider-electricibps110-1er_firmwareRange<3.29.67

AND

schneider-electricibps110-1erMatch-

Node

schneider-electricimp1110-1_firmwareRange<3.29.67

AND

schneider-electricimp1110-1Match-

Node

schneider-electricimp1110-1e_firmwareRange<3.29.67

AND

schneider-electricimp1110-1eMatch-

Node

schneider-electricimp1110-1er_firmwareRange<3.29.67

AND

schneider-electricimp1110-1erMatch-

Node

schneider-electricibp1110-1er_firmwareRange<3.29.67

AND

schneider-electricibp1110-1erMatch-

Node

schneider-electricimp219-1_firmwareRange<3.29.67

AND

schneider-electricimp219-1Match-

Node

schneider-electricimp219-1e_firmwareRange<3.29.67

AND

schneider-electricimp219-1eMatch-

Node

schneider-electricimp219-1er_firmwareRange<3.29.67

AND

schneider-electricimp219-1erMatch-

Node

schneider-electricibp219-1er_firmwareRange<3.29.67

AND

schneider-electricibp219-1erMatch-

Node

schneider-electricimp319-1_firmwareRange<3.29.67

AND

schneider-electricimp319-1Match-

Node

schneider-electricimp319-1e_firmwareRange<3.29.67

AND

schneider-electricimp319-1eMatch-

Node

schneider-electricibp319-1er_firmwareRange<3.29.67

AND

schneider-electricibp319-1erMatch-

Node

schneider-electricimp519-1_firmwareRange<3.29.67

AND

schneider-electricimp519-1Match-

Node

schneider-electricimp319-1er_firmwareRange<3.29.67

AND

schneider-electricimp319-1erMatch-

Node

schneider-electricimp519-1e_firmwareRange<3.29.67

AND

schneider-electricimp519-1eMatch-

Node

schneider-electricimp519-1er_firmwareRange<3.29.67

AND

schneider-electricimp519-1erMatch-

Node

schneider-electricibp519-1er_firmwareRange<3.29.67

AND

schneider-electricibp519-1erMatch-

Node

schneider-electricimps110-1e_firmwareRange<3.29.67

AND

schneider-electricimps110-1eMatch-

References

www.schneider-electric.com/en/download/document/SEVD-2018-058-01/

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.2%

JSON

Related for NVD:CVE-2018-7236

cvelist1 prion1 cve1 zeroscience1