CVE-2018-7234
published 2018-03-09CVE-2018-7234: A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of SSL certificate.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | ibp1110-1er_firmware | < 3.29.67 | 3.29.67 |
| schneider-electric | ibp219-1er_firmware | < 3.29.67 | 3.29.67 |
| schneider-electric | ibp319-1er_firmware | < 3.29.67 | 3.29.67 |
| schneider-electric | ibp519-1er_firmware | < 3.29.67 | 3.29.67 |
| schneider-electric | ibps110-1er_firmware | < 3.29.67 | 3.29.67 |
| schneider-electric | imp1110-1_firmware | < 3.29.67 | 3.29.67 |
| schneider-electric | imp1110-1e_firmware | < 3.29.67 | 3.29.67 |
| schneider-electric | imp1110-1er_firmware | < 3.29.67 | 3.29.67 |
| schneider-electric | imp219-1_firmware | < 3.29.67 | 3.29.67 |
| schneider-electric | imp219-1e_firmware | < 3.29.67 | 3.29.67 |
| schneider-electric | imp219-1er_firmware | < 3.29.67 | 3.29.67 |
| schneider-electric | imp319-1_firmware | < 3.29.67 | 3.29.67 |
| schneider-electric | imp319-1e_firmware | < 3.29.67 | 3.29.67 |
| schneider-electric | imp319-1er_firmware | < 3.29.67 | 3.29.67 |
| schneider-electric | imp519-1_firmware | < 3.29.67 | 3.29.67 |
| schneider-electric | imp519-1e_firmware | < 3.29.67 | 3.29.67 |
| schneider-electric | imp519-1er_firmware | < 3.29.67 | 3.29.67 |
| schneider-electric | imps110-1e_firmware | < 3.29.67 | 3.29.67 |
| schneider-electric | imps110-1er_firmware | < 3.29.67 | 3.29.67 |
| schneider-electric | mps110-1_firmware | < 3.29.67 | 3.29.67 |
| schneider_electric_se | pelco_sarix_professional | — | — |