ID

VAR-201803-1841


CVE

CVE-2018-7234


TITLE

Schneider Electric Pelco Sarix Professional Vulnerabilities related to certificate validation

Trust: 0.8

sources: JVNDB: JVNDB-2018-002612

DESCRIPTION

A vulnerability exists in Schneider Electric's Pelco Sarix Professional, in all firmware versions prior to 3.29.67, which could allow arbitrary system file download due to lack of validation of the SSL certificate. Schneider Electric Pelco Sarix Professional contains a certificate validation vulnerability. Information may be obtained. Schneider Electric Pelco Sarix Professional is a video surveillance device from Schneider Electric, France. An attacker could exploit this vulnerability to download any system files.

Trust: 2.16

sources: NVD: CVE-2018-7234 // JVNDB: JVNDB-2018-002612 // CNVD: CNVD-2018-05328

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-05328

AFFECTED PRODUCTS

vendor: schneider electric, model: imp519-1e, scope: lt, version: 3.29.67

Trust: 1.0

vendor: schneider electric, model: ibp219-1er, scope: lt, version: 3.29.67

Trust: 1.0

vendor: schneider electric, model: ibp319-1er, scope: lt, version: 3.29.67

Trust: 1.0

vendor: schneider electric, model: ibp519-1er, scope: lt, version: 3.29.67

Trust: 1.0

vendor: schneider electric, model: imps110-1e, scope: lt, version: 3.29.67

Trust: 1.0

vendor: schneider electric, model: imp219-1er, scope: lt, version: 3.29.67

Trust: 1.0

vendor: schneider electric, model: imp519-1, scope: lt, version: 3.29.67

Trust: 1.0

vendor: schneider electric, model: imp319-1, scope: lt, version: 3.29.67

Trust: 1.0

vendor: schneider electric, model: imp219-1e, scope: lt, version: 3.29.67

Trust: 1.0

vendor: schneider electric, model: imp319-1e, scope: lt, version: 3.29.67

Trust: 1.0

vendor: schneider electric, model: ibps110-1er, scope: lt, version: 3.29.67

Trust: 1.0

vendor: schneider electric, model: imp1110-1, scope: lt, version: 3.29.67

Trust: 1.0

vendor: schneider electric, model: mps110-1, scope: lt, version: 3.29.67

Trust: 1.0

vendor: schneider electric, model: imp519-1er, scope: lt, version: 3.29.67

Trust: 1.0

vendor: schneider electric, model: imp319-1er, scope: lt, version: 3.29.67

Trust: 1.0

vendor: schneider electric, model: imp219-1, scope: lt, version: 3.29.67

Trust: 1.0

vendor: schneider electric, model: imps110-1er, scope: lt, version: 3.29.67

Trust: 1.0

vendor: schneider electric, model: imp1110-1e, scope: lt, version: 3.29.67

Trust: 1.0

vendor: schneider electric, model: ibp1110-1er, scope: lt, version: 3.29.67

Trust: 1.0

vendor: schneider electric, model: imp1110-1er, scope: lt, version: 3.29.67

Trust: 1.0

vendor: schneider electric, model: ibp1110-1er, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: ibps110-1er, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: imp1110-1, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: imps110-1e, scope: -, version: -

Trust: 0.8

vendor: schneider, model: electric pelco sarix professional, scope: lt, version: 3.29.67

Trust: 0.6

sources: CNVD: CNVD-2018-05328 // JVNDB: JVNDB-2018-002612 // NVD: CVE-2018-7234

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7234
value: HIGH

Trust: 1.0

NVD: CVE-2018-7234
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-05328
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201803-051
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-7234
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-05328
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-7234
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-7234
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-05328 // JVNDB: JVNDB-2018-002612 // CNNVD: CNNVD-201803-051 // NVD: CVE-2018-7234

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.8

sources: JVNDB: JVNDB-2018-002612 // NVD: CVE-2018-7234

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-051

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201803-051

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002612

PATCH

title: SEVD-2018-058-01, url: https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=9607912128&p_File_Name=SEVD-2018-058-01+Pelco+Sarix+Professional+V1.2.pdf&p_Doc_Ref=SEVD-2018-058-01

Trust: 0.8

title: Patch for Schneider Electric Pelco Sarix Professional Free File Download Vulnerability (CNVD-2018-05328), url: https://www.cnvd.org.cn/patchInfo/show/121573

Trust: 0.6

title: Schneider Electric Pelco Sarix Professional Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78845

Trust: 0.6

sources: CNVD: CNVD-2018-05328 // JVNDB: JVNDB-2018-002612 // CNNVD: CNNVD-201803-051

EXTERNAL IDS

db: NVD, id: CVE-2018-7234

Trust: 3.0

db: SCHNEIDER, id: SEVD-2018-058-01

Trust: 1.6

db: JVNDB, id: JVNDB-2018-002612

Trust: 0.8

db: CNVD, id: CNVD-2018-05328

Trust: 0.6

db: CNNVD, id: CNNVD-201803-051

Trust: 0.6

sources: CNVD: CNVD-2018-05328 // JVNDB: JVNDB-2018-002612 // CNNVD: CNNVD-201803-051 // NVD: CVE-2018-7234

REFERENCES

url:https://www.schneider-electric.com/en/download/document/sevd-2018-058-01/

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-7234

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7234

Trust: 0.8

sources: CNVD: CNVD-2018-05328 // JVNDB: JVNDB-2018-002612 // CNNVD: CNNVD-201803-051 // NVD: CVE-2018-7234

SOURCES

db: CNVD, id: CNVD-2018-05328
db: JVNDB, id: JVNDB-2018-002612
db: CNNVD, id: CNNVD-201803-051
db: NVD, id: CVE-2018-7234

LAST UPDATE DATE

2024-11-23T21:39:29.831000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-05328, date: 2018-03-15T00:00:00
db: JVNDB, id: JVNDB-2018-002612, date: 2018-04-20T00:00:00
db: CNNVD, id: CNNVD-201803-051, date: 2022-02-07T00:00:00
db: NVD, id: CVE-2018-7234, date: 2024-11-21T04:11:50.590

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-05328, date: 2018-03-15T00:00:00
db: JVNDB, id: JVNDB-2018-002612, date: 2018-04-20T00:00:00
db: CNNVD, id: CNNVD-201803-051, date: 2018-03-01T00:00:00
db: NVD, id: CVE-2018-7234, date: 2018-03-09T23:29:00.717