PT-2018-1293 · Schneider Electric · Mge Sts+2

Ilya Karpov

Published

2018-03-15

Updated

2019-10-03

CVE-2018-7243

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS (affected versions not specified)

Description An authorization bypass issue exists in the integrated web server of the affected devices, allowing a remote attacker to gain full access to the device by bypassing the authorization system. The vulnerability is related to insufficient access control in the web server, which could enable a remote attacker to bypass authentication and obtain full control over the device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

BDU:2018-00789

CVE-2018-7243

Affected Products

Mge Network Management Card Transverse

Mge Sts

Mge Ups

PT-2018-1293 · Schneider Electric · Mge Sts+2

CVE-2018-7243

Weakness Enumeration

Related Identifiers

Affected Products

References · 4