VAR-201909-1388

Vulnerability from variot - Updated: 2024-11-23 22:48

A Credentials Management (CWE-255) vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring credentials to be viewed in plaintext when Remote Monitoring is enabled and then disabled. Schneider Electric APC UPS Network Management Card 2 is a network management card made by the French company Schneider Electric. The vulnerability stems from the lack of effective trust management mechanisms in network systems or products. Attackers can use default passwords, hard-coded passwords, hard-coded certificates, etc. to attack the affected components. The record below lists firmware versions earlier than 6.7.2 as affected and references the Network Management Card 2 firmware v6.7.2 release notes as the patch.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201909-1388",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ap9635",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "6.7.2"
      },
      {
        "model": "smart-ups srt 5kva",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "6.7.2"
      },
      {
        "model": "ap9630",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "6.7.2"
      },
      {
        "model": "ap9631",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "6.7.2"
      },
      {
        "model": "ap9630",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "6.5.6"
      },
      {
        "model": "ap9631",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "6.5.6"
      },
      {
        "model": "ap9635",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "6.5.6"
      },
      {
        "model": "smart-ups srt 5kva",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "6.5.6"
      },
      {
        "model": "electric apc ups network management card aos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "26.5.6"
      },
      {
        "model": "ap9631",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "smart-ups srt 5kva",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "ap9635",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "ap9630",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22291"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-814"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7820"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:schneider_electric:ap9630_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:ap9631_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:ap9635_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:smart-ups_srt_5kva_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016072"
      }
    ]
  },
  "cve": "CVE-2018-7820",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-7820",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-22291",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-7820",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-7820",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-7820",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-7820",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-22291",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201909-814",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22291"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-814"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7820"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled. Schneider Electric APC UPS Network Management Card 2 is a network management card of French Schneider Electric (Schneider Electric) company. The vulnerability stems from the lack of effective trust management mechanisms in network systems or products. Attackers can use the default password or hard-coded passwords, hard-coded certificates, etc. to attack the affected components",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7820"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016072"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-22291"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-7820",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016072",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-22291",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-814",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22291"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-814"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7820"
      }
    ]
  },
  "id": "VAR-201909-1388",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22291"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22291"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:48:14.180000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Network Management Card 2 (NMC 2) Firmware v6.7.2 for Smart-UPS and Single-Phase Symmetra Release Notes",
        "trust": 0.8,
        "url": "https://www.apc.com/salestools/CCON-BFQMXC/CCON-BFQMXC_R0_EN.pdf"
      },
      {
        "title": "Patch for Schneider Electric APC UPS Network Management Card 2 Trust Management Issue Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/213423"
      },
      {
        "title": "Schneider Electric APC UPS Network Management Card 2 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98347"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22291"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-814"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-522",
        "trust": 1.8
      },
      {
        "problemtype": "CWE-255",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016072"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7820"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://www.apc.com/salestools/ccon-bfqmxc/ccon-bfqmxc_r0_en.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7820"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7820"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22291"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-814"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7820"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22291"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-814"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7820"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-22291"
      },
      {
        "date": "2019-09-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-016072"
      },
      {
        "date": "2019-09-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201909-814"
      },
      {
        "date": "2019-09-17T20:15:11",
        "db": "NVD",
        "id": "CVE-2018-7820"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-22291"
      },
      {
        "date": "2019-09-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-016072"
      },
      {
        "date": "2019-09-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201909-814"
      },
      {
        "date": "2024-11-21T04:12:47.413000",
        "db": "NVD",
        "id": "CVE-2018-7820"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-814"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric APC UPS Network Management Card 2 Trust Management Issue Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22291"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-814"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-814"
      }
    ],
    "trust": 0.6
  }
}







Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

