Details of VAR-201810-1618

ID

VAR-201810-1618

TITLE

Schneider Pelco Sarix Pro camera set program system.opkg.remove has a command injection vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-19128

DESCRIPTION

Pelco Sarix Pro is a video surveillance device from Schneider Electric. A command injection vulnerability exists in the Schneider Pelco Sarix Pro camera set program system.opkg.remove. An attacker can use the vulnerability to execute arbitrary commands in the background through an HTTP request.

Trust: 0.6

sources: CNVD: CNVD-2018-19128

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-19128

AFFECTED PRODUCTS

vendor:

schneider

model:

electric pelco sarix pro camera imp1110-1

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2018-19128

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-19128
value:	LOW
Trust: 0.6

CNVD:	CNVD-2018-19128
severity:	LOW
baseScore:	2.1
vectorString:	AV:N/AC:H/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2018-19128

PATCH

title:

Schneider Pelco Sarix Pro camera set program system.opkg.remove has a command execution vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/137963

Trust: 0.6

sources: CNVD: CNVD-2018-19128

EXTERNAL IDS

db:

CNVD

id:

CNVD-2018-19128

Trust: 0.6

sources: CNVD: CNVD-2018-19128

SOURCES

db:

CNVD

id:

CNVD-2018-19128

LAST UPDATE DATE

2022-05-04T09:28:53.197000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-19128

date:

2018-09-19T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2018-19128

date:

2018-10-01T00:00:00