CVE-2018-7227

CWE-287 — Improper Authentication3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 59.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Ibp1110-1er Firmware Schneider-electric Ibp219-1er Firmware Schneider-electric Ibp319-1er Firmware +18 more

Timeline

PublishedMar 9

Latest updateMay 13

Description

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow retrieving of specially crafted URLs without authentication that can reveal sensitive information to an attacker.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages21 packages

▶CVEListV5schneider_electric_se/pelco_sarix_professionalall firmware versions prior to 3.29.67

▶NVDschneider-electric/imp219-1_firmware< 3.29.67

▶NVDschneider-electric/imp319-1_firmware< 3.29.67

▶NVDschneider-electric/imp519-1_firmware< 3.29.67

▶NVDschneider-electric/mps110-1_firmware< 3.29.67

Patches

Patch: www.schneider-electric.com ↗Patch: www.schneider-electric.com ↗

🔴Vulnerability Details

GHSA

GHSA-4j39-xf83-xp5q: A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3↗2022-05-13

▶

CVEList

CVE-2018-7227: A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3↗2018-03-09

▶