CVE-2018-7244 (GCVE-0-2018-7244)

Vulnerability from cvelistv5 – Published: 2018-04-18 20:00 – Updated: 2024-08-05 06:24
VLAI?
Summary
An information disclosure vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to obtain sensitive device information if network access was obtained.
Severity ?
No CVSS data available.
CWE
  • Information Exposure
Assigner
References
Impacted products
Vendor Product Version
Schneider Electric SE 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS Affected: MGE Network Management Card Transverse, part number: SF66074. All card versions affected, when installed in following products: MGE Galaxy 5000, MGE Galaxy 6000, MGE Galaxy 9000, MGE EPS 7000, MGE EPS 8000, MGE EPS 6000, MGE Comet UPS, MGE Galaxy PW, MGE Galaxy 3000, MGE Galaxy 4000
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:24:11.508Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS",
          "vendor": "Schneider Electric SE",
          "versions": [
            {
              "status": "affected",
              "version": "MGE Network Management Card Transverse, part number: SF66074. All card versions affected, when installed in following products: MGE Galaxy 5000, MGE Galaxy 6000, MGE Galaxy 9000, MGE EPS 7000, MGE EPS 8000, MGE EPS 6000, MGE Comet UPS, MGE Galaxy PW, MGE Galaxy 3000, MGE Galaxy 4000"
            }
          ]
        }
      ],
      "datePublic": "2018-03-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An information disclosure vulnerability exists In Schneider Electric\u0027s 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to obtain sensitive device information if network access was obtained."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Exposure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-18T19:57:01",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2018-7244",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "MGE Network Management Card Transverse, part number: SF66074. All card versions affected, when installed in following products: MGE Galaxy 5000, MGE Galaxy 6000, MGE Galaxy 9000, MGE EPS 7000, MGE EPS 8000, MGE EPS 6000, MGE Comet UPS, MGE Galaxy PW, MGE Galaxy 3000, MGE Galaxy 4000"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Schneider Electric SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information disclosure vulnerability exists In Schneider Electric\u0027s 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to obtain sensitive device information if network access was obtained."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/",
              "refsource": "CONFIRM",
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2018-7244",
    "datePublished": "2018-04-18T20:00:00",
    "dateReserved": "2018-02-19T00:00:00",
    "dateUpdated": "2024-08-05T06:24:11.508Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-7244\",\"sourceIdentifier\":\"cybersecurity@se.com\",\"published\":\"2018-04-18T20:29:00.480\",\"lastModified\":\"2024-11-21T04:11:52.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An information disclosure vulnerability exists In Schneider Electric\u0027s 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to obtain sensitive device information if network access was obtained.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en 66074 MGE Network Management Card Transverse, de Schneider Electric, instalados en MGE UPS y MGE STS. El servidor web integrado (Port 80/443/TCP) de los dispositivos afectados podr\u00eda permitir que un atacante remoto obtenga informaci\u00f3n sensible del dispositivo si obtiene acceso de red.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:schneider-electric:66074_mge_network_management_card_transverse:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DBB8697-64F8-4D15-8B14-CDD51E99FBCF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mge_comet_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9837318-C9B6-448E-B701-40929C96795A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mge_eps_6000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98078458-B5AB-4AD2-9E57-390591469F37\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mge_eps_7000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05DE2424-0969-491D-A414-81A648F2F801\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mge_eps_8000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60DC5EF0-1929-4D67-89BF-47D6F6848411\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mge_galaxy_3000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"955C94DD-90E6-4AB1-87CC-4EDACEA47DF0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mge_galaxy_4000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FCAE877-B3E9-4970-B0EE-49C64C85715C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mge_galaxy_5000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EBFA4F2-6574-4D58-9B0C-317229DF503E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mge_galaxy_6000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"790BF7D0-4E2D-4607-8C47-C4B707538E66\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mge_galaxy_9000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54A1FC87-5319-4F69-9228-C664D505B1CC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mge_galaxy_pw:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59D9633E-051F-427A-BADA-61BC8501AAE9\"}]}]}],\"references\":[{\"url\":\"https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/\",\"source\":\"cybersecurity@se.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.