CVE-2018-7245

Name of the Vulnerable Software and Affected Versions Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS (affected versions not specified)

Description An improper authorization issue exists in the integrated web server of the affected devices, allowing a remote attacker to change critical settings, such as UPS control and shutdown parameters, without authorization. The vulnerability can be exploited through the web server, which listens on Port 80/443/TCP. This could enable an attacker to modify device settings, including power and shutdown parameters.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.