ID

VAR-201804-1272


CVE

CVE-2018-7245


TITLE

Schneider Electric 66074 MGE Network Management Card Transverse Authorization vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-004354

DESCRIPTION

An improper authorization vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to change UPS control and shutdown parameters or other critical settings without authorization. Schneider Electric MGE UPS and MGE STS are products of Schneider Electric. Schneider Electric MGE UPS is an uninterruptible power supply unit. MGE STS is a static switch. 66074 MGE Network Management Card Transverse is one of the network management cards (network cards). There are improper authorization vulnerabilities in the 66074 MGE Network Management Card Transverse in Schneider Electric MGE UPS and MGE STS.

Trust: 2.16

sources: NVD: CVE-2018-7245 // JVNDB: JVNDB-2018-004354 // CNVD: CNVD-2018-11131

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-11131

AFFECTED PRODUCTS

vendor: schneider electric model: 66074 mge network management card transverse scope: eq version: -

Trust: 1.6

vendor: schneider electric model: mge network management card transverse 66074 scope: - version: -

Trust: 0.8

vendor: schneider model: electric mge galaxy pw scope: - version: -

Trust: 0.6

vendor: schneider model: electric mge comet ups scope: - version: -

Trust: 0.6

vendor: schneider model: electric mge eps scope: eq version: 6000

Trust: 0.6

vendor: schneider model: electric mge eps scope: eq version: 8000

Trust: 0.6

vendor: schneider model: electric mge eps scope: eq version: 7000

Trust: 0.6

vendor: schneider model: electric mge galaxy scope: eq version: 9000

Trust: 0.6

vendor: schneider model: electric mge galaxy scope: eq version: 6000

Trust: 0.6

vendor: schneider model: electric mge galaxy scope: eq version: 4000

Trust: 0.6

vendor: schneider model: electric mge galaxy scope: eq version: 3000

Trust: 0.6

vendor: schneider model: electric mge galaxy scope: eq version: 5000

Trust: 0.6

vendor: schneider model: electric sts scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-11131 // JVNDB: JVNDB-2018-004354 // CNNVD: CNNVD-201804-828 // NVD: CVE-2018-7245

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7245
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-7245
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-11131
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201804-828
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2018-7245
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-11131
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-7245
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-11131 // JVNDB: JVNDB-2018-004354 // CNNVD: CNNVD-201804-828 // NVD: CVE-2018-7245

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.0

problemtype:CWE-285

Trust: 0.8

sources: JVNDB: JVNDB-2018-004354 // NVD: CVE-2018-7245

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-828

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201804-828

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004354

PATCH

title: SEVD-2018-074-01 url: https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-074-01+MGE+Network+Management+Card+Transverse+installed+in+MGE+UPS+and+MGE+STS+V1.1.pdf&p_Doc_Ref=SEVD-2018-074-01

Trust: 0.8

title: Schneider Electric MGE UPS and MGE STS 66074 MGE Network Management Card Transverse patches for improperly authorized vulnerabilities url: https://www.cnvd.org.cn/patchInfo/show/131519

Trust: 0.6

title: Schneider Electric MGE UPS and MGE STS 66074 MGE Network Management Card Transverse Remediation measures for authorization problem vulnerabilities url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80189

Trust: 0.6

sources: CNVD: CNVD-2018-11131 // JVNDB: JVNDB-2018-004354 // CNNVD: CNNVD-201804-828

EXTERNAL IDS

db: NVD id: CVE-2018-7245

Trust: 3.0

db: SCHNEIDER id: SEVD-2018-074-01

Trust: 2.2

db: JVNDB id: JVNDB-2018-004354

Trust: 0.8

db: CNVD id: CNVD-2018-11131

Trust: 0.6

db: CNNVD id: CNNVD-201804-828

Trust: 0.6

sources: CNVD: CNVD-2018-11131 // JVNDB: JVNDB-2018-004354 // CNNVD: CNNVD-201804-828 // NVD: CVE-2018-7245

REFERENCES

url:https://www.schneider-electric.com/en/download/document/sevd-2018-074-01/

Trust: 2.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7245

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-7245

Trust: 0.8

sources: CNVD: CNVD-2018-11131 // JVNDB: JVNDB-2018-004354 // CNNVD: CNNVD-201804-828 // NVD: CVE-2018-7245

SOURCES

db: CNVD id: CNVD-2018-11131
db: JVNDB id: JVNDB-2018-004354
db: CNNVD id: CNNVD-201804-828
db: NVD id: CVE-2018-7245

LAST UPDATE DATE

2024-11-23T21:53:15.332000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2018-11131 date: 2018-06-08T00:00:00
db: JVNDB id: JVNDB-2018-004354 date: 2018-06-18T00:00:00
db: CNNVD id: CNNVD-201804-828 date: 2019-10-23T00:00:00
db: NVD id: CVE-2018-7245 date: 2024-11-21T04:11:52.157

SOURCES RELEASE DATE

db: CNVD id: CNVD-2018-11131 date: 2018-06-08T00:00:00
db: JVNDB id: JVNDB-2018-004354 date: 2018-06-18T00:00:00
db: CNNVD id: CNNVD-201804-828 date: 2018-04-18T00:00:00
db: NVD id: CVE-2018-7245 date: 2018-04-18T20:29:00.513