PT-2018-1293 · Schneider Electric · Mge Sts+2

Ilya Karpov

Publicado

2018-03-15

Atualizado

2019-10-03

CVE-2018-7243

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS (affected versions not specified)

Description An authorization bypass issue exists in the integrated web server of the affected devices, allowing a remote attacker to gain full access to the device by bypassing the authorization system. The vulnerability is related to insufficient access control in the web server, which could enable a remote attacker to bypass authentication and obtain full control over the device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

BDU:2018-00789

CVE-2018-7243

Produtos afetados

Mge Network Management Card Transverse

Mge Sts

Mge Ups

PT-2018-1293 · Schneider Electric · Mge Sts+2

CVE-2018-7243

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4