CVE-2018-7236

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could enable SSH service due to lack of authentication for /login/bin/set_param could enable SSH service.

CVSS v3 8.1 HIGH
CVSS v2.0 5.8 MEDIUM

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/	Patch Vendor Advisory
https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:schneider-electric:mps110-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:mps110-1:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:schneider-electric:imps110-1er_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:imps110-1er:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:schneider-electric:ibps110-1er_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ibps110-1er:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:schneider-electric:imp1110-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:imp1110-1:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:schneider-electric:imp1110-1e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:imp1110-1e:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:schneider-electric:imp1110-1er_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:imp1110-1er:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:schneider-electric:ibp1110-1er_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ibp1110-1er:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:schneider-electric:imp219-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:imp219-1:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:schneider-electric:imp219-1e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:imp219-1e:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:schneider-electric:imp219-1er_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:imp219-1er:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:schneider-electric:ibp219-1er_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ibp219-1er:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:schneider-electric:imp319-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:imp319-1:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:schneider-electric:imp319-1e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:imp319-1e:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:schneider-electric:ibp319-1er_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ibp319-1er:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:schneider-electric:imp519-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:imp519-1:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:schneider-electric:imp319-1er_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:imp319-1er:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:schneider-electric:imp519-1e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:imp519-1e:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:schneider-electric:imp519-1er_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:imp519-1er:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:schneider-electric:ibp519-1er_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ibp519-1er:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:schneider-electric:imps110-1e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:imps110-1e:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:11

Type	Values Removed	Values Added
References	~~() https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/ - Patch, Vendor Advisory~~	() https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/ - Patch, Vendor Advisory

02 Feb 2022, 02:08

Type	Values Removed	Values Added
CPE	cpe:2.3:o:schneider_electric:imp519-1e_firmware:::::::: cpe:2.3:o:schneider_electric:imp319-1er_firmware:::::::: cpe:2.3:o:schneider_electric:mps110-1_firmware:::::::: cpe:2.3:o:schneider_electric:ibp319-1er_firmware:::::::: cpe:2.3:o:schneider_electric:imp319-1e_firmware:::::::: cpe:2.3:o:schneider_electric:imp519-1er_firmware:::::::: cpe:2.3:h:schneider_electric:imp319-1e:-:::::::* cpe:2.3:h:schneider_electric:imp319-1:-:::::::* cpe:2.3:h:schneider_electric:imp219-1:-:::::::* cpe:2.3:h:schneider_electric:ibp219-1er:-:::::::* cpe:2.3:o:schneider_electric:imp1110-1e_firmware:::::::: cpe:2.3:h:schneider_electric:imp519-1er:-:::::::* cpe:2.3:h:schneider_electric:imp1110-1er:-:::::::* cpe:2.3:o:schneider_electric:ibp219-1er_firmware:::::::: cpe:2.3:o:schneider_electric:ibps110-1er_firmware:::::::: cpe:2.3:h:schneider_electric:imp219-1er:-:::::::* cpe:2.3:h:schneider_electric:ibp319-1er:-:::::::* cpe:2.3:o:schneider_electric:imp219-1_firmware:::::::: cpe:2.3:h:schneider_electric:ibp1110-1er:-:::::::* cpe:2.3:o:schneider_electric:imp1110-1er_firmware:::::::: cpe:2.3:o:schneider_electric:imps110-1e_firmware:::::::: cpe:2.3:o:schneider_electric:ibp519-1er_firmware:::::::: cpe:2.3:h:schneider_electric:imps110-1e:-:::::::* cpe:2.3:h:schneider_electric:imp519-1:-:::::::* cpe:2.3:h:schneider_electric:imp319-1er:-:::::::* cpe:2.3:o:schneider_electric:imp1110-1_firmware:::::::: cpe:2.3:h:schneider_electric:ibps110-1er:-:::::::* cpe:2.3:o:schneider_electric:imp519-1_firmware:::::::: cpe:2.3:h:schneider_electric:imp1110-1:-:::::::* cpe:2.3:o:schneider_electric:imp219-1e_firmware:::::::: cpe:2.3:h:schneider_electric:imp1110-1e:-:::::::* cpe:2.3:h:schneider_electric:imps110-1er:-:::::::* cpe:2.3:o:schneider_electric:imp219-1er_firmware:::::::: cpe:2.3:o:schneider_electric:ibp1110-1er_firmware:::::::: cpe:2.3:h:schneider_electric:imp519-1e:-:::::::* cpe:2.3:h:schneider_electric:imp219-1e:-:::::::* cpe:2.3:h:schneider_electric:ibp519-1er:-:::::::* cpe:2.3:o:schneider_electric:imp319-1_firmware:::::::: cpe:2.3:o:schneider_electric:imps110-1er_firmware::::::::	cpe:2.3:o:schneider-electric:ibp1110-1er_firmware:::::::: cpe:2.3:h:schneider-electric:imp219-1er:-:::::::* cpe:2.3:o:schneider-electric:ibps110-1er_firmware:::::::: cpe:2.3:h:schneider-electric:ibp319-1er:-:::::::* cpe:2.3:o:schneider-electric:imp1110-1e_firmware:::::::: cpe:2.3:h:schneider-electric:ibp219-1er:-:::::::* cpe:2.3:o:schneider-electric:imps110-1e_firmware:::::::: cpe:2.3:h:schneider-electric:imp319-1e:-:::::::* cpe:2.3:o:schneider-electric:imp319-1er_firmware:::::::: cpe:2.3:h:schneider-electric:imp219-1:-:::::::* cpe:2.3:h:schneider-electric:imp1110-1:-:::::::* cpe:2.3:o:schneider-electric:imp219-1_firmware:::::::: cpe:2.3:h:schneider-electric:ibp519-1er:-:::::::* cpe:2.3:o:schneider-electric:imp319-1_firmware:::::::: cpe:2.3:h:schneider-electric:imp319-1:-:::::::* cpe:2.3:o:schneider-electric:imp219-1er_firmware:::::::: cpe:2.3:o:schneider-electric:imp219-1e_firmware:::::::: cpe:2.3:h:schneider-electric:imp519-1:-:::::::* cpe:2.3:o:schneider-electric:mps110-1_firmware:::::::: cpe:2.3:h:schneider-electric:imp519-1er:-:::::::* cpe:2.3:h:schneider-electric:imp1110-1er:-:::::::* cpe:2.3:h:schneider-electric:imp319-1er:-:::::::* cpe:2.3:h:schneider-electric:imp1110-1e:-:::::::* cpe:2.3:h:schneider-electric:imp519-1e:-:::::::* cpe:2.3:o:schneider-electric:imp519-1e_firmware:::::::: cpe:2.3:h:schneider-electric:ibps110-1er:-:::::::* cpe:2.3:h:schneider-electric:imps110-1e:-:::::::* cpe:2.3:h:schneider-electric:imps110-1er:-:::::::* cpe:2.3:o:schneider-electric:imp1110-1er_firmware:::::::: cpe:2.3:h:schneider-electric:imp219-1e:-:::::::* cpe:2.3:o:schneider-electric:ibp519-1er_firmware:::::::: cpe:2.3:o:schneider-electric:ibp219-1er_firmware:::::::: cpe:2.3:o:schneider-electric:imp1110-1_firmware:::::::: cpe:2.3:h:schneider-electric:ibp1110-1er:-:::::::* cpe:2.3:o:schneider-electric:imp319-1e_firmware:::::::: cpe:2.3:o:schneider-electric:ibp319-1er_firmware:::::::: cpe:2.3:o:schneider-electric:imp519-1_firmware:::::::: cpe:2.3:o:schneider-electric:imp519-1er_firmware:::::::: cpe:2.3:o:schneider-electric:imps110-1er_firmware::::::::

31 Jan 2022, 20:16

Type	Values Removed	Values Added
CPE	cpe:2.3:h:schneider_electric:mps110-1:-:::::::*	cpe:2.3:h:schneider-electric:mps110-1:-:::::::*

Information

Published : 2018-03-09 23:29

Updated : 2024-11-21 04:11

NVD link : CVE-2018-7236

Mitre link : CVE-2018-7236

CVE.ORG link : CVE-2018-7236

JSON object : View

Products Affected

schneider-electric

imp1110-1
imp319-1e_firmware
ibp219-1er_firmware
ibp519-1er_firmware
ibp319-1er_firmware
ibps110-1er
imp219-1er
imp319-1er_firmware
imp519-1_firmware
ibps110-1er_firmware
ibp1110-1er_firmware
imp219-1er_firmware
imp1110-1er_firmware
mps110-1_firmware
imp219-1
imps110-1er_firmware
imp319-1er
imp519-1er_firmware
imps110-1e
ibp1110-1er
imp219-1e_firmware
imp319-1_firmware
ibp219-1er
mps110-1
imp219-1_firmware
imp519-1er
imp1110-1er
ibp319-1er
imp219-1e
imp519-1
ibp519-1er
imps110-1e_firmware
imp319-1e
imps110-1er
imp1110-1_firmware
imp319-1
imp519-1e_firmware
imp519-1e
imp1110-1e
imp1110-1e_firmware

CWE

CWE-287

Improper Authentication

8.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.8 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2018-7236

8.1^/10

5.8^/10

Attach tags to `CVE-2018-7236`