Schneider Electric Se Pelco Sarix Professional vulnerabilities
12 known vulnerabilities affecting schneider_electric_se/pelco_sarix_professional.
Total CVEs: 12
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 4, MEDIUM 1
Vulnerabilities
CVE-2018-7238 | CRITICAL | CVSS 9.8 | CWE-120 | all firmware versions prior to 3.29.78 | 2018-03-09
A buffer overflow vulnerability exists in the web-based GUI of Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to execute arbitrary code.
Sources: cvelistv5, nvd
CVE-2018-7229 | CRITICAL | CVSS 9.8 | CWE-798 | all firmware versions prior to 3.29.69 | 2018-03-09
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges because of the use of hardcoded credentials.
Sources: cvelistv5, nvd
CVE-2018-7232 | CRITICAL | CVSS 9.8 | CWE-20 | all firmware versions prior to 3.29.72 | 2018-03-09
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of shell metacharacters in the value of 'network.ieee8021x.delete_certs'.
Sources: cvelistv5, nvd
CVE-2018-7231 | CRITICAL | CVSS 9.8 | CWE-20 | all firmware versions prior to 3.29.71 | 2018-03-09
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of shell metacharacters in the value of 'system.opkg.remove'.
Sources: cvelistv5, nvd
CVE-2018-7228 | CRITICAL | CVSS 9.8 | CWE-287 | all firmware versions prior to 3.29.68 | 2018-03-09
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges.
Sources: cvelistv5, nvd
CVE-2018-7237 | CRITICAL | CVSS 9.1 | CWE-20 | all firmware versions prior to 3.29.77 | 2018-03-09
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow a remote attacker to delete an arbitrary system file due to lack of validation by /login/bin/set_param of the file name in the value of 'system.delete.sd_file'.
Sources: cvelistv5, nvd
CVE-2018-7233 | CRITICAL | CVSS 9.8 | CWE-20 | all firmware versions prior to 3.29.73 | 2018-03-09
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of shell metacharacters in the value of 'model_name' or 'mac_address'.
Sources: cvelistv5, nvd
CVE-2018-7236 | HIGH | CVSS 8.1 | CWE-287 | all firmware versions prior to 3.29.76 | 2018-03-09
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 in which lack of authentication for /login/bin/set_param could allow the SSH service to be enabled.
Sources: cvelistv5, nvd
CVE-2018-7234 | HIGH | CVSS 7.5 | CWE-295 | all firmware versions prior to 3.29.74 | 2018-03-09
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of SSL certificate.
Sources: cvelistv5, nvd
CVE-2018-7230 | HIGH | CVSS 8.8 | CWE-611 | all firmware versions prior to 3.29.70 | 2018-03-09
An XML external entity (XXE) vulnerability exists in the import.cgi of the web interface component of Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67.
Sources: cvelistv5, nvd
CVE-2018-7235 | HIGH | CVSS 7.5 | CWE-20 | all firmware versions prior to 3.29.75 | 2018-03-09
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of shell metacharacters in the value of 'system.download.sd_file'.
Sources: cvelistv5, nvd
CVE-2018-7227 | MEDIUM | CVSS 5.3 | CWE-287 | all firmware versions prior to 3.29.67 | 2018-03-09
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow retrieval of specially crafted URLs without authentication that can reveal sensitive information to an attacker.
Sources: cvelistv5, nvd