CVE-2018-7234

CWE-295 — Improper Certificate Validation3 documents3 sources

Severity

7.5HIGH

EPSS

0.1%

top 66.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Ibp1110-1er Firmware Schneider-electric Ibp219-1er Firmware Schneider-electric Ibp319-1er Firmware +18 more

Timeline

PublishedMar 9

Latest updateMay 13

Description

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of SSL certificate.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages21 packages

▶CVEListV5schneider_electric_se/pelco_sarix_professionalall firmware versions prior to 3.29.74

▶NVDschneider-electric/imp219-1_firmware< 3.29.67

▶NVDschneider-electric/imp319-1_firmware< 3.29.67

▶NVDschneider-electric/imp519-1_firmware< 3.29.67

▶NVDschneider-electric/mps110-1_firmware< 3.29.67

Patches

Patch: www.schneider-electric.com ↗Patch: www.schneider-electric.com ↗

🔴Vulnerability Details

GHSA

GHSA-qjq7-2mhq-r456: A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3↗2022-05-13

▶

CVEList

CVE-2018-7234: A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3↗2018-03-09

▶