cbcvebase.
CVE-2018-7235
published 2018-03-09

CVE-2018-7235: A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file…

high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sd_file'

Affected

21 ranges
VendorProductVersion rangeFixed in
schneider-electricibp1110-1er_firmware< 3.29.673.29.67
schneider-electricibp219-1er_firmware< 3.29.673.29.67
schneider-electricibp319-1er_firmware< 3.29.673.29.67
schneider-electricibp519-1er_firmware< 3.29.673.29.67
schneider-electricibps110-1er_firmware< 3.29.673.29.67
schneider-electricimp1110-1_firmware< 3.29.673.29.67
schneider-electricimp1110-1e_firmware< 3.29.673.29.67
schneider-electricimp1110-1er_firmware< 3.29.673.29.67
schneider-electricimp219-1_firmware< 3.29.673.29.67
schneider-electricimp219-1e_firmware< 3.29.673.29.67
schneider-electricimp219-1er_firmware< 3.29.673.29.67
schneider-electricimp319-1_firmware< 3.29.673.29.67
schneider-electricimp319-1e_firmware< 3.29.673.29.67
schneider-electricimp319-1er_firmware< 3.29.673.29.67
schneider-electricimp519-1_firmware< 3.29.673.29.67
schneider-electricimp519-1e_firmware< 3.29.673.29.67
schneider-electricimp519-1er_firmware< 3.29.673.29.67
schneider-electricimps110-1e_firmware< 3.29.673.29.67
schneider-electricimps110-1er_firmware< 3.29.673.29.67
schneider-electricmps110-1_firmware< 3.29.673.29.67
schneider_electric_sepelco_sarix_professional