CVE-2018-7243 (GCVE-0-2018-7243)

Vulnerability from cvelistv5 – Published: 2018-04-18 20:00 – Updated: 2024-08-05 06:24
VLAI?
Summary
An authorization bypass vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to get a full access to device, bypassing the authorization system.
Severity ?
No CVSS data available.
CWE
  • Authorization Bypass
Assigner
References
Impacted products
Vendor Product Version
Schneider Electric SE 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS Affected: MGE Network Management Card Transverse, part number: SF66074. All card versions affected, when installed in following products: MGE Galaxy 5000, MGE Galaxy 6000, MGE Galaxy 9000, MGE EPS 7000, MGE EPS 8000, MGE EPS 6000, MGE Comet UPS, MGE Galaxy PW, MGE Galaxy 3000, MGE Galaxy 4000
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:24:11.636Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS",
          "vendor": "Schneider Electric SE",
          "versions": [
            {
              "status": "affected",
              "version": "MGE Network Management Card Transverse, part number: SF66074. All card versions affected, when installed in following products: MGE Galaxy 5000, MGE Galaxy 6000, MGE Galaxy 9000, MGE EPS 7000, MGE EPS 8000, MGE EPS 6000, MGE Comet UPS, MGE Galaxy PW, MGE Galaxy 3000, MGE Galaxy 4000"
            }
          ]
        }
      ],
      "datePublic": "2018-03-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An authorization bypass vulnerability exists In Schneider Electric\u0027s 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to get a full access to device, bypassing the authorization system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Authorization Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-18T19:57:01",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2018-7243",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "MGE Network Management Card Transverse, part number: SF66074. All card versions affected, when installed in following products: MGE Galaxy 5000, MGE Galaxy 6000, MGE Galaxy 9000, MGE EPS 7000, MGE EPS 8000, MGE EPS 6000, MGE Comet UPS, MGE Galaxy PW, MGE Galaxy 3000, MGE Galaxy 4000"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Schneider Electric SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An authorization bypass vulnerability exists In Schneider Electric\u0027s 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to get a full access to device, bypassing the authorization system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Authorization Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/",
              "refsource": "CONFIRM",
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2018-7243",
    "datePublished": "2018-04-18T20:00:00",
    "dateReserved": "2018-02-19T00:00:00",
    "dateUpdated": "2024-08-05T06:24:11.636Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-7243\",\"sourceIdentifier\":\"cybersecurity@se.com\",\"published\":\"2018-04-18T20:29:00.420\",\"lastModified\":\"2024-11-21T04:11:51.923\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An authorization bypass vulnerability exists In Schneider Electric\u0027s 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to get a full access to device, bypassing the authorization system.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en 66074 MGE Network Management Card Transverse, de Schneider Electric, instalados en MGE UPS y MGE STS. El servidor web integrado (Port 80/443/TCP) de los dispositivos afectados podr\u00eda permitir que un atacante remoto obtenga acceso completo al dispositivo omitiendo el sistema de autorizaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:schneider-electric:66074_mge_network_management_card_transverse:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DBB8697-64F8-4D15-8B14-CDD51E99FBCF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mge_comet_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9837318-C9B6-448E-B701-40929C96795A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mge_eps_6000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98078458-B5AB-4AD2-9E57-390591469F37\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mge_eps_7000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05DE2424-0969-491D-A414-81A648F2F801\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mge_eps_8000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60DC5EF0-1929-4D67-89BF-47D6F6848411\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mge_galaxy_3000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"955C94DD-90E6-4AB1-87CC-4EDACEA47DF0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mge_galaxy_4000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FCAE877-B3E9-4970-B0EE-49C64C85715C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mge_galaxy_5000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EBFA4F2-6574-4D58-9B0C-317229DF503E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mge_galaxy_6000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"790BF7D0-4E2D-4607-8C47-C4B707538E66\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mge_galaxy_9000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54A1FC87-5319-4F69-9228-C664D505B1CC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:mge_galaxy_pw:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59D9633E-051F-427A-BADA-61BC8501AAE9\"}]}]}],\"references\":[{\"url\":\"https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/\",\"source\":\"cybersecurity@se.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.