CVE-2018-7836
published 2018-12-24

Priority P268 | critical | 9.8 CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 31.98% (98.1th percentile)
An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
schneider-electric | iiot_monitor | |
schneider_electric_se | iiot_monitor_3.1.38 | |

Detection & IOCs (extracted from sources)

  • Unrestricted file upload vulnerability exists across numerous methods of the IIoT Monitor software, enabling upload and execution of malicious files remotely without authentication
  • Vulnerability is exploitable remotely with low skill level and no privileges required; scope is changed (S:C), making it suitable for network-based detection of anomalous file upload activity to IIoT Monitor endpoints
  • No known public exploits exist at time of advisory publication; monitor for unexpected file uploads and execution on IIoT Monitor 3.1.38 and prior installations
  • All versions of IIoT Monitor up to and including 3.1.38 are affected; detections should target this version range
  • The vulnerability spans numerous upload methods in the software, meaning a single endpoint or API path cannot be relied upon as the sole detection surface; all file upload interfaces should be monitored

CVSS provenance

nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P