VAR-201607-0384
Vulnerability from variot - Updated: 2025-04-13 23:38Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardcoded credentials, which allows remote attackers to obtain access, and consequently execute arbitrary code, via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlA third party could gain access and thus execute arbitrary code. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0384",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pelco digital sentry video management system",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "7.6.32.9203"
},
{
"model": "pelco digital sentry video management system",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "7.14"
},
{
"model": "electric pelco digital sentry video management system",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "7.13"
},
{
"model": "pelco digital sentry video management system",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "7.6.32.9203"
},
{
"model": "pelco digital sentry video management system",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "7.13"
},
{
"model": "pelco digital sentry video management system",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "7.14"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04934"
},
{
"db": "BID",
"id": "91783"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003793"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-434"
},
{
"db": "NVD",
"id": "CVE-2016-4520"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:pelco_digital_sentry_video_management_system_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003793"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "91783"
}
],
"trust": 0.3
},
"cve": "CVE-2016-4520",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-4520",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-04934",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-93339",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-4520",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4520",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-4520",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-04934",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-434",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-93339",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04934"
},
{
"db": "VULHUB",
"id": "VHN-93339"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003793"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-434"
},
{
"db": "NVD",
"id": "CVE-2016-4520"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardcoded credentials, which allows remote attackers to obtain access, and consequently execute arbitrary code, via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlA third party could gain access and thus execute arbitrary code. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4520"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003793"
},
{
"db": "CNVD",
"id": "CNVD-2016-04934"
},
{
"db": "BID",
"id": "91783"
},
{
"db": "VULHUB",
"id": "VHN-93339"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-16-196-01",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2016-4520",
"trust": 3.4
},
{
"db": "BID",
"id": "91783",
"trust": 2.0
},
{
"db": "SCHNEIDER",
"id": "SEVD-2016-153-01",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003793",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-434",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-04934",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-93339",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04934"
},
{
"db": "VULHUB",
"id": "VHN-93339"
},
{
"db": "BID",
"id": "91783"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003793"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-434"
},
{
"db": "NVD",
"id": "CVE-2016-4520"
}
]
},
"id": "VAR-201607-0384",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04934"
},
{
"db": "VULHUB",
"id": "VHN-93339"
}
],
"trust": 1.5
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04934"
}
]
},
"last_update_date": "2025-04-13T23:38:59.519000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Digital Sentry",
"trust": 0.8,
"url": "https://www.pelco.com/video-management-solutions/digital-sentry-flexible-video-management#tab/documents"
},
{
"title": "SEVD-2016-153-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2016-153-01\u0026p_EnDocType=Technical%20leaflet\u0026p_File_Id=3576096274\u0026p_File_Name=SEVD-2016-153-01+Pelco+Digital+Sentry.pdf"
},
{
"title": "Patch for Schneider Electric Pelco Digital Sentry Video Management System has an unknown vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/79243"
},
{
"title": "Schneider Electric Pelco Digital Sentry Video Management System Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62976"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04934"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003793"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-434"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003793"
},
{
"db": "NVD",
"id": "CVE-2016-4520"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-196-01"
},
{
"trust": 1.7,
"url": "http://www.schneider-electric.com/ww/en/download/document/sevd-2016-153-01"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/91783"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4520"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4520"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04934"
},
{
"db": "VULHUB",
"id": "VHN-93339"
},
{
"db": "BID",
"id": "91783"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003793"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-434"
},
{
"db": "NVD",
"id": "CVE-2016-4520"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-04934"
},
{
"db": "VULHUB",
"id": "VHN-93339"
},
{
"db": "BID",
"id": "91783"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003793"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-434"
},
{
"db": "NVD",
"id": "CVE-2016-4520"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04934"
},
{
"date": "2016-07-15T00:00:00",
"db": "VULHUB",
"id": "VHN-93339"
},
{
"date": "2016-07-14T00:00:00",
"db": "BID",
"id": "91783"
},
{
"date": "2016-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003793"
},
{
"date": "2016-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-434"
},
{
"date": "2016-07-15T16:59:09.377000",
"db": "NVD",
"id": "CVE-2016-4520"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04934"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-93339"
},
{
"date": "2016-07-14T00:00:00",
"db": "BID",
"id": "91783"
},
{
"date": "2016-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003793"
},
{
"date": "2016-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-434"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-4520"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-434"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Pelco Digital Sentry Vulnerability in the access rights of video management system firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003793"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-434"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…