Vulnerability-Lookup

CVE-2018-7820 (GCVE-0-2018-7820)

Vulnerability from cvelistv5 – Published: 2019-09-17 19:45 – Updated: 2024-08-05 06:37

Summary

Severity ?

No CVSS data available.

CWE

CWE-255 - Credentials Management

Assigner

schneider

References

URL

	Vendor	Product	Version
	Schneider Electric SE	APC UPS Network Management Card 2 AOS	Affected: v6.5.6

CNVD-2020-22291

Vulnerability from cnvd - Published: 2020-04-11

Title

Schneider Electric APC UPS Network Management Card 2信任管理问题漏洞

Description

Schneider Electric APC UPS Network Management Card 2是法国施耐德电气（Schneider Electric）公司的一款网络管理卡。 Schneider Electric APC UPS Network Management Card 2 AOS v6.5.6版本中存在信任管理问题漏洞。该漏洞源于网络系统或产品中缺乏有效的信任管理机制。攻击者可利用默认密码或者硬编码密码、硬编码证书等攻击受影响组件。

Severity

中

Patch Name

Schneider Electric APC UPS Network Management Card 2信任管理问题漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.apc.com/salestools/CCON-BFQMXC/CCON-BFQMXC_R0_EN.pdf

Reference

https://www.apc.com/salestools/CCON-BFQMXC/CCON-BFQMXC_R0_EN.pdf

Impacted products

Name
Schneider Electric APC UPS Network Management Card 2 AOS 6.5.6

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-7820",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2018-7820"
    }
  },
  "description": "Schneider Electric APC UPS Network Management Card 2\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7f51\u7edc\u7ba1\u7406\u5361\u3002\n\nSchneider Electric APC UPS Network Management Card 2 AOS v6.5.6\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u4efb\u7ba1\u7406\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u4e2d\u7f3a\u4e4f\u6709\u6548\u7684\u4fe1\u4efb\u7ba1\u7406\u673a\u5236\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u9ed8\u8ba4\u5bc6\u7801\u6216\u8005\u786c\u7f16\u7801\u5bc6\u7801\u3001\u786c\u7f16\u7801\u8bc1\u4e66\u7b49\u653b\u51fb\u53d7\u5f71\u54cd\u7ec4\u4ef6\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.apc.com/salestools/CCON-BFQMXC/CCON-BFQMXC_R0_EN.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-22291",
  "openTime": "2020-04-11",
  "patchDescription": "Schneider Electric APC UPS Network Management Card 2\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7f51\u7edc\u7ba1\u7406\u5361\u3002\r\n\r\nSchneider Electric APC UPS Network Management Card 2 AOS v6.5.6\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u4efb\u7ba1\u7406\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u4e2d\u7f3a\u4e4f\u6709\u6548\u7684\u4fe1\u4efb\u7ba1\u7406\u673a\u5236\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u9ed8\u8ba4\u5bc6\u7801\u6216\u8005\u786c\u7f16\u7801\u5bc6\u7801\u3001\u786c\u7f16\u7801\u8bc1\u4e66\u7b49\u653b\u51fb\u53d7\u5f71\u54cd\u7ec4\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Schneider Electric APC UPS Network Management Card 2\u4fe1\u4efb\u7ba1\u7406\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Schneider Electric APC UPS Network Management Card 2 AOS 6.5.6"
  },
  "referenceLink": "https://www.apc.com/salestools/CCON-BFQMXC/CCON-BFQMXC_R0_EN.pdf",
  "serverity": "\u4e2d",
  "submitTime": "2019-09-23",
  "title": "Schneider Electric APC UPS Network Management Card 2\u4fe1\u4efb\u7ba1\u7406\u95ee\u9898\u6f0f\u6d1e"
}

GHSA-FF72-JPJQ-GXXC

Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2023-03-01 03:30

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-7820"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-522"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-17T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled.",
  "id": "GHSA-ff72-jpjq-gxxc",
  "modified": "2023-03-01T03:30:29Z",
  "published": "2022-05-24T16:56:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7820"
    },
    {
      "type": "WEB",
      "url": "https://www.apc.com/salestools/CCON-BFQMXC/CCON-BFQMXC_R0_EN.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201909-1388

Vulnerability from variot - Updated: 2024-11-23 22:48

A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled. Schneider Electric APC UPS Network Management Card 2 is a network management card of French Schneider Electric (Schneider Electric) company. The vulnerability stems from the lack of effective trust management mechanisms in network systems or products. Attackers can use the default password or hard-coded passwords, hard-coded certificates, etc. to attack the affected components

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201909-1388",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ap9635",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "6.7.2"
      },
      {
        "model": "smart-ups srt 5kva",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "6.7.2"
      },
      {
        "model": "ap9630",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "6.7.2"
      },
      {
        "model": "ap9631",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "6.7.2"
      },
      {
        "model": "ap9630",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "6.5.6"
      },
      {
        "model": "ap9631",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "6.5.6"
      },
      {
        "model": "ap9635",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "6.5.6"
      },
      {
        "model": "smart-ups srt 5kva",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "6.5.6"
      },
      {
        "model": "electric apc ups network management card aos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "26.5.6"
      },
      {
        "model": "ap9631",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "smart-ups srt 5kva",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "ap9635",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "ap9630",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22291"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-814"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7820"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:schneider_electric:ap9630_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:ap9631_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:ap9635_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:smart-ups_srt_5kva_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016072"
      }
    ]
  },
  "cve": "CVE-2018-7820",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-7820",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-22291",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-7820",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-7820",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-7820",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-7820",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-22291",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201909-814",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22291"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-814"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7820"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled. Schneider Electric APC UPS Network Management Card 2 is a network management card of French Schneider Electric (Schneider Electric) company. The vulnerability stems from the lack of effective trust management mechanisms in network systems or products. Attackers can use the default password or hard-coded passwords, hard-coded certificates, etc. to attack the affected components",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7820"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016072"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-22291"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-7820",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016072",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-22291",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-814",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22291"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-814"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7820"
      }
    ]
  },
  "id": "VAR-201909-1388",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22291"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22291"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:48:14.180000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Network Management Card 2 (NMC 2) Firmware v6.7.2 for Smart-UPS and Single-Phase Symmetra Release Notes",
        "trust": 0.8,
        "url": "https://www.apc.com/salestools/CCON-BFQMXC/CCON-BFQMXC_R0_EN.pdf"
      },
      {
        "title": "Patch for Schneider Electric APC UPS Network Management Card 2 Trust Management Issue Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/213423"
      },
      {
        "title": "Schneider Electric APC UPS Network Management Card 2 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98347"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22291"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-814"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-522",
        "trust": 1.8
      },
      {
        "problemtype": "CWE-255",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016072"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7820"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://www.apc.com/salestools/ccon-bfqmxc/ccon-bfqmxc_r0_en.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7820"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7820"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22291"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-814"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7820"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22291"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-814"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7820"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-22291"
      },
      {
        "date": "2019-09-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-016072"
      },
      {
        "date": "2019-09-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201909-814"
      },
      {
        "date": "2019-09-17T20:15:11",
        "db": "NVD",
        "id": "CVE-2018-7820"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-22291"
      },
      {
        "date": "2019-09-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-016072"
      },
      {
        "date": "2019-09-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201909-814"
      },
      {
        "date": "2024-11-21T04:12:47.413000",
        "db": "NVD",
        "id": "CVE-2018-7820"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-814"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric APC UPS Network Management Card 2 Trust Management Issue Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22291"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-814"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-814"
      }
    ],
    "trust": 0.6
  }
}

GSD-2018-7820

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-7820

Aliases

CVE-2018-7820

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-7820",
    "description": "A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled.",
    "id": "GSD-2018-7820"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-7820"
      ],
      "details": "A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled.",
      "id": "GSD-2018-7820",
      "modified": "2023-12-13T01:22:32.681194Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@schneider-electric.com",
        "ID": "CVE-2018-7820",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "APC UPS Network Management Card 2 AOS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "v6.5.6"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Schneider Electric SE"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-255:Credentials Management"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.apc.com/salestools/CCON-BFQMXC/CCON-BFQMXC_R0_EN.pdf",
            "refsource": "CONFIRM",
            "url": "https://www.apc.com/salestools/CCON-BFQMXC/CCON-BFQMXC_R0_EN.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:ap9630_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "6.7.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:ap9630:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:smart-ups_srt_5kva_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "6.7.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:smart-ups_srt_5kva:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:ap9631_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "6.7.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:ap9631:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:ap9635_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "6.7.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:ap9635:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2018-7820"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-522"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.apc.com/salestools/CCON-BFQMXC/CCON-BFQMXC_R0_EN.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.apc.com/salestools/CCON-BFQMXC/CCON-BFQMXC_R0_EN.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-03-01T01:22Z",
      "publishedDate": "2019-09-17T20:15Z"
    }
  }
}

FKIE_CVE-2018-7820

Vulnerability from fkie_nvd - Published: 2019-09-17 20:15 - Updated: 2024-11-21 04:12

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	cybersecurity@se.com	https://www.apc.com/salestools/CCON-BFQMXC/CCON-BFQMXC_R0_EN.pdf	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.apc.com/salestools/CCON-BFQMXC/CCON-BFQMXC_R0_EN.pdf	Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	ap9630_firmware	*
schneider-electric	ap9630	-
schneider-electric	smart-ups_srt_5kva_firmware	*
schneider-electric	smart-ups_srt_5kva	-
schneider-electric	ap9631_firmware	*
schneider-electric	ap9631	-
schneider-electric	ap9635_firmware	*
schneider-electric	ap9635	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:ap9630_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "789F5559-72FE-4620-A684-EF48D94FE0C0",
              "versionEndExcluding": "6.7.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:ap9630:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F506A9E-D04C-4A29-B6E8-F88BFF7629E0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:smart-ups_srt_5kva_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "03388B51-C023-4E2E-BE2F-1D73F461B105",
              "versionEndExcluding": "6.7.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:smart-ups_srt_5kva:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47BC2890-6BE7-4E5A-A751-BC60FF428EF3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:ap9631_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DCE6A12-CEB8-400F-AD0D-95EEFBC58050",
              "versionEndExcluding": "6.7.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:ap9631:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "096C4C31-4CAC-447D-8F49-12535035DCF7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:ap9635_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D3D7DCD-6584-482A-BDFF-D22AC3DC841E",
              "versionEndExcluding": "6.7.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:ap9635:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0AC4A1D-82AA-4836-B957-9CFF0DD22374",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad CWE-255 de Administraci\u00f3n de Credenciales en APC UPS Network Management Card 2 AOS versi\u00f3n v6.5.6, lo que podr\u00eda causar que las Credenciales de Monitoreo Remoto sean visualizadas en texto plano cuando el Monitoreo Remoto est\u00e1 habilitado y luego deshabilitado."
    }
  ],
  "id": "CVE-2018-7820",
  "lastModified": "2024-11-21T04:12:47.413",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-17T20:15:11.000",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.apc.com/salestools/CCON-BFQMXC/CCON-BFQMXC_R0_EN.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.apc.com/salestools/CCON-BFQMXC/CCON-BFQMXC_R0_EN.pdf"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-7820 (GCVE-0-2018-7820)

CNVD-2020-22291

GHSA-FF72-JPJQ-GXXC

VAR-201909-1388

GSD-2018-7820

FKIE_CVE-2018-7820

Tags

Sightings

Nomenclature