This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Schneider-Electric First view 2018-03-09
Product imp1110-1er Firmware Last view 2018-07-03
Version Type Os
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:o:schneider-electric:imp1110-1er_firmware:*:*:*:*:*:*:*:* 15

Related : CVE

  Date Alert Description
8.8 2018-07-03 CVE-2018-7782

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text.

8.8 2018-07-03 CVE-2018-7781

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, by sending a specially crafted request an authenticated user can view password in clear text and results in privilege escalation.

9.8 2018-07-03 CVE-2018-7780

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, a buffer overflow vulnerability exist in cgi program "set".

9.8 2018-03-09 CVE-2018-7238

A buffer overflow vulnerability exist in the web-based GUI of Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to execute arbitrary code.

9.1 2018-03-09 CVE-2018-7237

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow a remote attacker to delete arbitrary system file due to lack of validation of the /login/bin/set_param to the file name with the value of 'system.delete.sd_file'

8.1 2018-03-09 CVE-2018-7236

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could enable SSH service due to lack of authentication for /login/bin/set_param could enable SSH service.

7.5 2018-03-09 CVE-2018-7235

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sd_file'

7.5 2018-03-09 CVE-2018-7234

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of SSL certificate.

9.8 2018-03-09 CVE-2018-7233

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'model_name' or 'mac_address'.

9.8 2018-03-09 CVE-2018-7232

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'network.ieee8021x.delete_certs'.

9.8 2018-03-09 CVE-2018-7231

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'system.opkg.remove'.

8.8 2018-03-09 CVE-2018-7230

A XML external entity (XXE) vulnerability exists in the import.cgi of the web interface component of the Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67.

9.8 2018-03-09 CVE-2018-7229

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges because the use of hardcoded credentials.

9.8 2018-03-09 CVE-2018-7228

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and get the administrator privileges.

5.3 2018-03-09 CVE-2018-7227

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow retrieving of specially crafted URLs without authentication that can reveal sensitive information to an attacker.

CWE : Common Weakness Enumeration

%idName
33% (5) CWE-20 Improper Input Validation
20% (3) CWE-287 Improper Authentication
6% (1) CWE-798 Use of Hard-coded Credentials
6% (1) CWE-611 Information Leak Through XML External Entity File Disclosure
6% (1) CWE-522 Insufficiently Protected Credentials
6% (1) CWE-311 Missing Encryption of Sensitive Data
6% (1) CWE-295 Certificate Issues
6% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
6% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer