First published: Fri Mar 09 2018
An XML external entity (XXE) vulnerability exists in import.cgi of the web interface component of Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67.
Credit: cybersecurity@se.com
Affected Software | Affected Version | How to fix |
---|---|---|
Schneider-electric Mps110-1 Firmware | <3.29.67 | |
Schneider-electric Mps110-1 Firmware | ||
IMPS110-1ER Firmware | <3.29.67 | |
Schneider-electric Imps110-1er Firmware | ||
Schneider-electric Ibps110-1er Firmware | <3.29.67 | |
Schneider-electric Ibps110-1er Firmware | ||
Schneider Electric IMP1110-1E | <3.29.67 | |
Schneider Electric IMP1110-1 | ||
Schneider Electric IMP1110-1E | <3.29.67 | |
Schneider Electric IMP1110-1E | ||
Schneider Electric IMP1110-1 | <3.29.67 | |
Schneider Electric IMP1110-1 | ||
Schneider Electric IBP1110-1ER | <3.29.67 | |
Schneider-electric Ibp1110-1er Firmware | ||
Schneider Electric IMP219-1E | <3.29.67 | |
Schneider Electric Imp219-1 | ||
Schneider Electric Imp219-1e Firmware | <3.29.67 | |
Schneider Electric IMP219-1E | ||
Schneider Electric Imp219-1er Firmware | <3.29.67 | |
Schneider-electric Imp219-1 | ||
Schneider Electric IBP219-1ER Firmware | <3.29.67 | |
Schneider Electric IBP219-1ER | ||
Schneider Electric IMP319-1E Firmware | <3.29.67 | |
Schneider-electric Imp319-1 Firmware | ||
Schneider Electric IMP319-1E Firmware | <3.29.67 | |
Schneider-electric Imp319-1e Firmware | ||
Schneider-electric IBP319-1ER | <3.29.67 | |
Schneider Electric IBP319-1ER | ||
Schneider Electric IMP519-1 Firmware | <3.29.67 | |
Schneider-electric Imp519-1 Firmware | ||
Schneider Electric Imp319-1er | <3.29.67 | |
Schneider Electric Imp319-1er | ||
Schneider Electric IMP519-1 Firmware | <3.29.67 | |
Schneider-electric Imp519-1e Firmware | ||
Schneider Electric IMP519-1 Firmware | <3.29.67 | |
Schneider-electric Imp519-1er Firmware | ||
Schneider Electric IBP519-1ER | <3.29.67 | |
Schneider Electric IBP519-1ER | ||
Schneider Electric IMPS110-1E | <3.29.67 | |
Schneider Electric IMPS110-1E | ||
CVE-2018-7230 is classified as a moderate-severity vulnerability because it involves XML external entity injection.
To mitigate CVE-2018-7230, you should upgrade to Schneider Electric's firmware version 3.29.67 or later.
CVE-2018-7230 affects Schneider Electric's Pelco Sarix Professional web interface in all firmware versions prior to 3.29.67.
An XML External Entity (XXE) vulnerability allows an attacker to interfere with the processing of XML data and potentially access sensitive files or perform external requests.
CVE-2018-7230 can lead to unauthorized access to sensitive data through exploitation of the XML external entity vulnerability.