ID

VAR-201801-1845


TITLE

Pelco Sarix Enhanced GeneralSetupController.php file has arbitrary file deletion vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-36459

DESCRIPTION

Pelco Sarix Enhanced is a webcam. An arbitrary file deletion vulnerability exists in the GeneralSetupController.php file of Pelco Sarix Enhanced. The vulnerability is caused by the program failing to perform proper checks when processing uploaded files. An attacker can delete any file in the /tmp/ directory, resulting in a denial of service.

Trust: 0.6

sources: CNVD: CNVD-2017-36459

IOT TAXONOMY

category: ['ICS', 'Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-36459

AFFECTED PRODUCTS

vendor: schneider
model: electric sarix enhanced model: ime219
scope: eq
version: -2.2.2.1

Trust: 0.6

sources: CNVD: CNVD-2017-36459

CVSS

SEVERITY

CNVD: CNVD-2017-36459
value: LOW

Trust: 0.6

CVSSV2

CNVD: CNVD-2017-36459
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:H/AU:S/C:N/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 2.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2017-36459

PATCH

title: Schneider Electric's Sarix enhanced camera / setup / system / general has a denial of service vulnerability
url: https://www.cnvd.org.cn/patchinfo/show/107233

Trust: 0.6

sources: CNVD: CNVD-2017-36459

EXTERNAL IDS

db: CNVD
id: CNVD-2017-36459

Trust: 0.6

sources: CNVD: CNVD-2017-36459

SOURCES

db: CNVD
id: CNVD-2017-36459

LAST UPDATE DATE

2022-05-04T10:19:17.947000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2017-36459
date: 2017-12-07T00:00:00

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2017-36459
date: 2018-01-08T00:00:00