Details of VAR-201801-1829

ID

VAR-201801-1829

TITLE

Arbitrary file deletion vulnerability in pelco Sarix Pro webcam set_param program

Trust: 0.6

sources: CNVD: CNVD-2017-36466

DESCRIPTION

pelco Sarix Professional is a video camera. There is an arbitrary file deletion vulnerability in the pelco Sarix Pro webcam set_param program. The vulnerability is because the program does not check the file name when processing parameters. An attacker can use the vulnerability to delete any file or directory, causing the camera to fail to work properly.

Trust: 0.6

sources: CNVD: CNVD-2017-36466

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-36466

AFFECTED PRODUCTS

vendor:

schneider

model:

electric sarix professional model: imp

scope:

version:

-1110-103.29.65

Trust: 0.6

sources: CNVD: CNVD-2017-36466

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2017-36466
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2017-36466
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2017-36466

PATCH

title:

Schneider Electric's Perix Sarix Pro camera set_param program has a denial of service vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/107237

Trust: 0.6

sources: CNVD: CNVD-2017-36466

EXTERNAL IDS

db:

CNVD

id:

CNVD-2017-36466

Trust: 0.6

sources: CNVD: CNVD-2017-36466

SOURCES

db:

CNVD

id:

CNVD-2017-36466

LAST UPDATE DATE

2022-05-04T08:55:22.894000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2017-36466

date:

2017-12-07T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2017-36466

date:

2018-01-08T00:00:00