Sign-up

ID

VAR-201909-1388


CVE

CVE-2018-7820


TITLE

Schneider Electric APC UPS Network Management Card 2 Trust Management Issue Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-22291 // CNNVD: CNNVD-201909-814

DESCRIPTION

A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled. Schneider Electric APC UPS Network Management Card 2 is a network management card of French Schneider Electric (Schneider Electric) company. The vulnerability stems from the lack of effective trust management mechanisms in network systems or products. Attackers can use the default password or hard-coded passwords, hard-coded certificates, etc. to attack the affected components

Trust: 2.16

sources: NVD: CVE-2018-7820 // JVNDB: JVNDB-2018-016072 // CNVD: CNVD-2020-22291

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-22291

AFFECTED PRODUCTS

vendor:schneider electricmodel:ap9635scope:ltversion:6.7.2

Trust: 1.0

vendor:schneider electricmodel:smart-ups srt 5kvascope:ltversion:6.7.2

Trust: 1.0

vendor:schneider electricmodel:ap9630scope:ltversion:6.7.2

Trust: 1.0

vendor:schneider electricmodel:ap9631scope:ltversion:6.7.2

Trust: 1.0

vendor:schneider electricmodel:ap9630scope:eqversion:6.5.6

Trust: 0.8

vendor:schneider electricmodel:ap9631scope:eqversion:6.5.6

Trust: 0.8

vendor:schneider electricmodel:ap9635scope:eqversion:6.5.6

Trust: 0.8

vendor:schneider electricmodel:smart-ups srt 5kvascope:eqversion:6.5.6

Trust: 0.8

vendor:schneidermodel:electric apc ups network management card aosscope:eqversion:26.5.6

Trust: 0.6

vendor:schneider electricmodel:ap9631scope:eqversion: -

Trust: 0.6

vendor:schneider electricmodel:smart-ups srt 5kvascope:eqversion: -

Trust: 0.6

vendor:schneider electricmodel:ap9635scope:eqversion: -

Trust: 0.6

vendor:schneider electricmodel:ap9630scope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2020-22291 // JVNDB: JVNDB-2018-016072 // CNNVD: CNNVD-201909-814 // NVD: CVE-2018-7820

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7820
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-7820
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-22291
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201909-814
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2018-7820
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-22291
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-7820
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-7820
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-22291 // JVNDB: JVNDB-2018-016072 // CNNVD: CNNVD-201909-814 // NVD: CVE-2018-7820

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.8

problemtype:CWE-255

Trust: 1.0

sources: JVNDB: JVNDB-2018-016072 // NVD: CVE-2018-7820

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-814

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201909-814

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-016072

PATCH
title:Network Management Card 2 (NMC 2) Firmware v6.7.2 for Smart-UPS and Single-Phase Symmetra Release Notesurl:https://www.apc.com/salestools/CCON-BFQMXC/CCON-BFQMXC_R0_EN.pdf
Trust: 0.8
title:Patch for Schneider Electric APC UPS Network Management Card 2 Trust Management Issue Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/213423
Trust: 0.6
title:Schneider Electric APC UPS Network Management Card 2 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98347
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-22291 // 
            
            
            
            JVNDB: JVNDB-2018-016072 // 
            
            
            
            CNNVD: CNNVD-201909-814

EXTERNAL IDS
db:NVDid:CVE-2018-7820
Trust: 3.0
db:JVNDBid:JVNDB-2018-016072
Trust: 0.8
db:CNVDid:CNVD-2020-22291
Trust: 0.6
db:CNNVDid:CNNVD-201909-814
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-22291 // 
            
            
            
            JVNDB: JVNDB-2018-016072 // 
            
            
            
            CNNVD: CNNVD-201909-814 // 
            
            
            
            NVD: CVE-2018-7820

REFERENCES
url:https://www.apc.com/salestools/ccon-bfqmxc/ccon-bfqmxc_r0_en.pdf
Trust: 2.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-7820
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7820
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-22291 // 
            
            
            
            JVNDB: JVNDB-2018-016072 // 
            
            
            
            CNNVD: CNNVD-201909-814 // 
            
            
            
            NVD: CVE-2018-7820

SOURCES
db:CNVDid:CNVD-2020-22291
db:JVNDBid:JVNDB-2018-016072
db:CNNVDid:CNNVD-201909-814
db:NVDid:CVE-2018-7820

LAST UPDATE DATE
2024-11-23T22:48:14.180000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-22291date:2020-04-11T00:00:00
db:JVNDBid:JVNDB-2018-016072date:2019-09-24T00:00:00
db:CNNVDid:CNNVD-201909-814date:2019-09-30T00:00:00
db:NVDid:CVE-2018-7820date:2024-11-21T04:12:47.413

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-22291date:2020-04-11T00:00:00
db:JVNDBid:JVNDB-2018-016072date:2019-09-24T00:00:00
db:CNNVDid:CNNVD-201909-814date:2019-09-17T00:00:00
db:NVDid:CVE-2018-7820date:2019-09-17T20:15:11