Vulnerability-Lookup

CVE-2018-7246 (GCVE-0-2018-7246)

Vulnerability from cvelistv5 – Published: 2018-04-18 20:00 – Updated: 2024-08-05 06:24

Summary

Severity ?

No CVSS data available.

CWE

Cleartext Transmission of Sensitive Information

Assigner

schneider

References

URL

	Vendor	Product	Version
	Schneider Electric SE	66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS	Affected: MGE Network Management Card Transverse, part number: SF66074. All card versions affected, when installed in following products: MGE Galaxy 5000, MGE Galaxy 6000, MGE Galaxy 9000, MGE EPS 7000, MGE EPS 8000, MGE EPS 6000, MGE Comet UPS, MGE Galaxy PW, MGE Galaxy 3000, MGE Galaxy 4000

GSD-2018-7246

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-7246

Aliases

CVE-2018-7246

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-7246",
    "description": "A cleartext transmission of sensitive information vulnerability exists in Schneider Electric\u0027s 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to discover an administrative account. If default on device, it is not using a SSL in settings and if multiple request of the page \"Access Control\" (IP-address device/ups/pas_cont.htm) account data will be sent in cleartext",
    "id": "GSD-2018-7246"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-7246"
      ],
      "details": "A cleartext transmission of sensitive information vulnerability exists in Schneider Electric\u0027s 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to discover an administrative account. If default on device, it is not using a SSL in settings and if multiple request of the page \"Access Control\" (IP-address device/ups/pas_cont.htm) account data will be sent in cleartext",
      "id": "GSD-2018-7246",
      "modified": "2023-12-13T01:22:32.412561Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@schneider-electric.com",
        "ID": "CVE-2018-7246",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "MGE Network Management Card Transverse, part number: SF66074. All card versions affected, when installed in following products: MGE Galaxy 5000, MGE Galaxy 6000, MGE Galaxy 9000, MGE EPS 7000, MGE EPS 8000, MGE EPS 6000, MGE Comet UPS, MGE Galaxy PW, MGE Galaxy 3000, MGE Galaxy 4000"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Schneider Electric SE"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A cleartext transmission of sensitive information vulnerability exists in Schneider Electric\u0027s 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to discover an administrative account. If default on device, it is not using a SSL in settings and if multiple request of the page \"Access Control\" (IP-address device/ups/pas_cont.htm) account data will be sent in cleartext"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Cleartext Transmission of Sensitive Information"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/",
            "refsource": "CONFIRM",
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:66074_mge_network_management_card_transverse:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:mge_galaxy_5000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:mge_galaxy_6000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:mge_galaxy_9000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:mge_galaxy_pw:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:mge_galaxy_3000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:mge_galaxy_4000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:mge_eps_7000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:mge_eps_6000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:mge_eps_8000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:mge_comet_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2018-7246"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A cleartext transmission of sensitive information vulnerability exists in Schneider Electric\u0027s 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to discover an administrative account. If default on device, it is not using a SSL in settings and if multiple request of the page \"Access Control\" (IP-address device/ups/pas_cont.htm) account data will be sent in cleartext"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-319"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2018-04-18T20:29Z"
    }
  }
}

GHSA-G3R4-3CW9-J3P7

Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-7246"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-319"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-18T20:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "A cleartext transmission of sensitive information vulnerability exists in Schneider Electric\u0027s 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to discover an administrative account. If default on device, it is not using a SSL in settings and if multiple request of the page \"Access Control\" (IP-address device/ups/pas_cont.htm) account data will be sent in cleartext",
  "id": "GHSA-g3r4-3cw9-j3p7",
  "modified": "2022-05-13T01:53:18Z",
  "published": "2022-05-13T01:53:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7246"
    },
    {
      "type": "WEB",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2018-AVI-136

Vulnerability from certfr_avis - Published: 2018-03-19 - Updated: 2018-03-19

De multiples vulnérabilités ont été découvertes dans SCADA Schneider Electric MGE SNMP/Web Card 66074. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	MGE EPS 8000
Schneider Electric	N/A	MGE Galaxy PW
Schneider Electric	N/A	MGE EPS 6000
Schneider Electric	N/A	MGE Galaxy 4000
Schneider Electric	N/A	MGE Comet 3000
Schneider Electric	N/A	MGE EPS 7000
Schneider Electric	N/A	MGE Comet UPS
Schneider Electric	N/A	MGE Galaxy 5000
Schneider Electric	N/A	MGE Galaxy 3000
Schneider Electric	N/A	MGE Galaxy 6000
Schneider Electric	N/A	MGE Galaxy 9000
Schneider Electric	N/A	MGE STS(Upsilon and Epsilon)

References

Title

Publication Time

FKIE_CVE-2018-7246

Vulnerability from fkie_nvd - Published: 2018-04-18 20:29 - Updated: 2024-11-21 04:11

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	cybersecurity@se.com	https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/	Mitigation, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/	Mitigation, Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	66074_mge_network_management_card_transverse	-
schneider-electric	mge_comet_ups	-
schneider-electric	mge_eps_6000	-
schneider-electric	mge_eps_7000	-
schneider-electric	mge_eps_8000	-
schneider-electric	mge_galaxy_3000	-
schneider-electric	mge_galaxy_4000	-
schneider-electric	mge_galaxy_5000	-
schneider-electric	mge_galaxy_6000	-
schneider-electric	mge_galaxy_9000	-
schneider-electric	mge_galaxy_pw	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:66074_mge_network_management_card_transverse:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DBB8697-64F8-4D15-8B14-CDD51E99FBCF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:mge_comet_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9837318-C9B6-448E-B701-40929C96795A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:mge_eps_6000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98078458-B5AB-4AD2-9E57-390591469F37",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:mge_eps_7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "05DE2424-0969-491D-A414-81A648F2F801",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:mge_eps_8000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60DC5EF0-1929-4D67-89BF-47D6F6848411",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:mge_galaxy_3000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "955C94DD-90E6-4AB1-87CC-4EDACEA47DF0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:mge_galaxy_4000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FCAE877-B3E9-4970-B0EE-49C64C85715C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:mge_galaxy_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EBFA4F2-6574-4D58-9B0C-317229DF503E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:mge_galaxy_6000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "790BF7D0-4E2D-4607-8C47-C4B707538E66",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:mge_galaxy_9000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "54A1FC87-5319-4F69-9228-C664D505B1CC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:schneider-electric:mge_galaxy_pw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59D9633E-051F-427A-BADA-61BC8501AAE9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A cleartext transmission of sensitive information vulnerability exists in Schneider Electric\u0027s 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to discover an administrative account. If default on device, it is not using a SSL in settings and if multiple request of the page \"Access Control\" (IP-address device/ups/pas_cont.htm) account data will be sent in cleartext"
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de transmisi\u00f3n en texto claro de informaci\u00f3n sensible en 66074 MGE Network Management Card Transverse, de Schneider Electric, instalado en MGE UPS y MGE STS. El servidor web integrado (Puerto 80/443/TCP) de los dispositivos afectados podr\u00eda permitir que atacantes remotos descubran una cuenta administrativa. Por defecto, si en el dispositivo no se emplea SSL en las opciones y si hay m\u00faltiples peticiones de la p\u00e1gina \"Access Control\" (IP-address device/ups/pas_cont.htm), los datos de la cuenta se enviar\u00e1n en texto claro."
    }
  ],
  "id": "CVE-2018-7246",
  "lastModified": "2024-11-21T04:11:52.270",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-18T20:29:00.577",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2018-11132

Vulnerability from cnvd - Published: 2018-06-08

Title

Schneider Electric MGE UPS和MGE STS 66074 MGE Network Management Card Transverse敏感信息漏洞（CNVD-2018-11132）

Description

Schneider Electric MGE UPS和MGE STS都是法国施耐德电气（Schneider Electric）公司的产品。Schneider Electric MGE UPS是一款不间断电源设备。MGE STS是一款静态切换开关。66074 MGE Network Management Card Transverse是其中的一个网络管理卡（网卡）。 Schneider Electric MGE UPS和MGE STS中的66074 MGE Network Management Card Transverse存在安全漏洞，该漏洞源于程序以明文的形式传输敏感数据。攻击者可借助受影响设备的集成Web服务器（端口80/443/TCP）利用该漏洞获取管理账户。

Severity

中

Patch Name

Schneider Electric MGE UPS和MGE STS 66074 MGE Network Management Card Transverse敏感信息漏洞（CNVD-2018-11132）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/

Reference

https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/

Impacted products

Name
['Schneider Electric MGE Galaxy PW', 'Schneider Electric MGE Comet UPS', 'Schneider Electric MGE EPS 6000', 'Schneider Electric MGE EPS 8000', 'Schneider Electric MGE EPS 7000', 'Schneider Electric MGE Galaxy 9000', 'Schneider Electric MGE Galaxy 6000', 'Schneider Electric MGE Galaxy 4000', 'Schneider Electric MGE Galaxy 3000', 'Schneider Electric MGE Galaxy 5000', 'Schneider Electric STS (MGE Upsilon)']

Name

['Schneider Electric MGE Galaxy PW', 'Schneider Electric MGE Comet UPS', 'Schneider Electric MGE EPS 6000', 'Schneider Electric MGE EPS 8000', 'Schneider Electric MGE EPS 7000', 'Schneider Electric MGE Galaxy 9000', 'Schneider Electric MGE Galaxy 6000', 'Schneider Electric MGE Galaxy 4000', 'Schneider Electric MGE Galaxy 3000', 'Schneider Electric MGE Galaxy 5000', 'Schneider Electric STS (MGE Upsilon)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-7246",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7246"
    }
  },
  "description": "Schneider Electric MGE UPS\u548cMGE STS\u90fd\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Schneider Electric MGE UPS\u662f\u4e00\u6b3e\u4e0d\u95f4\u65ad\u7535\u6e90\u8bbe\u5907\u3002MGE STS\u662f\u4e00\u6b3e\u9759\u6001\u5207\u6362\u5f00\u5173\u300266074 MGE Network Management Card Transverse\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7f51\u7edc\u7ba1\u7406\u5361\uff08\u7f51\u5361\uff09\u3002\r\n\r\nSchneider Electric MGE UPS\u548cMGE STS\u4e2d\u768466074 MGE Network Management Card Transverse\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4ee5\u660e\u6587\u7684\u5f62\u5f0f\u4f20\u8f93\u654f\u611f\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u53d7\u5f71\u54cd\u8bbe\u5907\u7684\u96c6\u6210Web\u670d\u52a1\u5668\uff08\u7aef\u53e380/443/TCP\uff09\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u7ba1\u7406\u8d26\u6237\u3002",
  "discovererName": "Ilya Karpov (Positive Technologies)",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-11132",
  "openTime": "2018-06-08",
  "patchDescription": "Schneider Electric MGE UPS\u548cMGE STS\u90fd\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Schneider Electric MGE UPS\u662f\u4e00\u6b3e\u4e0d\u95f4\u65ad\u7535\u6e90\u8bbe\u5907\u3002MGE STS\u662f\u4e00\u6b3e\u9759\u6001\u5207\u6362\u5f00\u5173\u300266074 MGE Network Management Card Transverse\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7f51\u7edc\u7ba1\u7406\u5361\uff08\u7f51\u5361\uff09\u3002\r\n\r\nSchneider Electric MGE UPS\u548cMGE STS\u4e2d\u768466074 MGE Network Management Card Transverse\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4ee5\u660e\u6587\u7684\u5f62\u5f0f\u4f20\u8f93\u654f\u611f\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u53d7\u5f71\u54cd\u8bbe\u5907\u7684\u96c6\u6210Web\u670d\u52a1\u5668\uff08\u7aef\u53e380/443/TCP\uff09\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u7ba1\u7406\u8d26\u6237\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Schneider Electric MGE UPS\u548cMGE STS 66074 MGE Network Management Card Transverse\u654f\u611f\u4fe1\u606f\u6f0f\u6d1e\uff08CNVD-2018-11132\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Schneider Electric MGE Galaxy PW",
      "Schneider Electric MGE Comet UPS",
      "Schneider Electric MGE EPS 6000",
      "Schneider Electric MGE EPS 8000",
      "Schneider Electric MGE EPS 7000",
      "Schneider Electric MGE Galaxy 9000",
      "Schneider Electric MGE Galaxy 6000",
      "Schneider Electric MGE  Galaxy 4000",
      "Schneider Electric MGE Galaxy 3000",
      "Schneider Electric MGE Galaxy 5000",
      "Schneider Electric STS (MGE Upsilon)"
    ]
  },
  "referenceLink": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/",
  "serverity": "\u4e2d",
  "submitTime": "2018-05-10",
  "title": "Schneider Electric MGE UPS\u548cMGE STS 66074 MGE Network Management Card Transverse\u654f\u611f\u4fe1\u606f\u6f0f\u6d1e\uff08CNVD-2018-11132\uff09"
}

VAR-201804-1273

Vulnerability from variot - Updated: 2024-11-23 21:53

A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to discover an administrative account. If default on device, it is not using a SSL in settings and if multiple request of the page "Access Control" (IP-address device/ups/pas_cont.htm) account data will be sent in cleartext. SchneiderElectricMGEUPS and MGESTS are products of Schneider Electric. SchneiderElectricMGEUPS is an uninterruptible power supply unit. MGESTS is a static switch. 66074MGENetworkManagementCardTransverse is one of the network management cards (network cards). A security vulnerability exists in SchneiderElectricMGEUPS and 66074MGENetworkManagementCardTransverse in MGESTS, which is caused by the program transmitting sensitive data in clear text

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201804-1273",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "66074 mge network management card transverse",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "mge network management card transverse 66074",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "electric mge galaxy pw",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": "electric mge comet ups",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": "electric mge eps",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "6000"
      },
      {
        "model": "electric mge eps",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "8000"
      },
      {
        "model": "electric mge eps",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "7000"
      },
      {
        "model": "electric mge galaxy",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "9000"
      },
      {
        "model": "electric mge galaxy",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "6000"
      },
      {
        "model": "electric mge galaxy",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "4000"
      },
      {
        "model": "electric mge galaxy",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "3000"
      },
      {
        "model": "electric mge galaxy",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "5000"
      },
      {
        "model": "electric sts",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-11132"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004355"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-827"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7246"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:schneider_electric:66074_mge_network_management_card_transverse",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004355"
      }
    ]
  },
  "cve": "CVE-2018-7246",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-7246",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-11132",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-7246",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-7246",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-7246",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-11132",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201804-827",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-11132"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004355"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-827"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7246"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A cleartext transmission of sensitive information vulnerability exists in Schneider Electric\u0027s 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to discover an administrative account. If default on device, it is not using a SSL in settings and if multiple request of the page \"Access Control\" (IP-address device/ups/pas_cont.htm) account data will be sent in cleartext. SchneiderElectricMGEUPS and MGESTS are products of Schneider Electric. SchneiderElectricMGEUPS is an uninterruptible power supply unit. MGESTS is a static switch. 66074MGENetworkManagementCardTransverse is one of the network management cards (network cards). A security vulnerability exists in SchneiderElectricMGEUPS and 66074MGENetworkManagementCardTransverse in MGESTS, which is caused by the program transmitting sensitive data in clear text",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7246"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004355"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-11132"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-7246",
        "trust": 3.0
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2018-074-01",
        "trust": 2.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004355",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-11132",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-827",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-11132"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004355"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-827"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7246"
      }
    ]
  },
  "id": "VAR-201804-1273",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-11132"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-11132"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:53:15.305000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2018-074-01",
        "trust": 0.8,
        "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2018-074-01+MGE+Network+Management+Card+Transverse+installed+in+MGE+UPS+and+MGE+STS+V1.1.pdf\u0026p_Doc_Ref=SEVD-2018-074-01"
      },
      {
        "title": "Patch for SchneiderElectricMGEUPS and MGESTS66074MGENetworkManagementCardTransverse Sensitive Information Vulnerability (CNVD-2018-11132)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/131515"
      },
      {
        "title": "Schneider Electric MGE UPS  and MGE STS 66074 MGE Network Management Card Transverse Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80188"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-11132"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004355"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-827"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-319",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-255",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004355"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7246"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2018-074-01/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7246"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7246"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-11132"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004355"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-827"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7246"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-11132"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004355"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-827"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7246"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-06-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-11132"
      },
      {
        "date": "2018-06-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004355"
      },
      {
        "date": "2018-04-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201804-827"
      },
      {
        "date": "2018-04-18T20:29:00.577000",
        "db": "NVD",
        "id": "CVE-2018-7246"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-06-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-11132"
      },
      {
        "date": "2018-06-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004355"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201804-827"
      },
      {
        "date": "2024-11-21T04:11:52.270000",
        "db": "NVD",
        "id": "CVE-2018-7246"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-827"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric 66074 MGE Network Management Card Transverse Vulnerabilities related to certificate and password management",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004355"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-827"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-7246 (GCVE-0-2018-7246)

GSD-2018-7246

GHSA-G3R4-3CW9-J3P7

CERTFR-2018-AVI-136

Solution

FKIE_CVE-2018-7246

CNVD-2018-11132

VAR-201804-1273

Tags

Sightings

Nomenclature