PT-2018-18277 · Schneider Electric · Pelco Sarix Professional

Published

2018-07-03

Updated

2019-10-03

CVE-2018-7781

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Schneider Electric Pelco Sarix Professional 1st generation cameras versions prior to 3.29.69

Description: The issue allows an authenticated user to view passwords in clear text, resulting in privilege escalation, by sending a specially crafted request.

Recommendations: For versions prior to 3.29.69, update the firmware to version 3.29.69 or later to resolve the issue.

Fix

Missing Encryption of Sensitive Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-311

Related Identifiers

CVE-2018-7781

Affected Products

Pelco Sarix Professional

PT-2018-18277 · Schneider Electric · Pelco Sarix Professional

CVE-2018-7781

Weakness Enumeration

Related Identifiers

Affected Products

References · 3