Schneider Electric · Mge Sts · CVE-2018-7243
**Name of the Vulnerable Software and Affected Versions**
Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS (affected versions not specified)
**Description**
An authorization bypass issue exists in the integrated web server of the affected devices, allowing a remote attacker to gain full access to the device by bypassing the authorization system. The vulnerability is related to insufficient access control in the web server, which could enable a remote attacker to bypass authentication and obtain full control over the device.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.