CVE-2018-7231: Input Validation
First published: Fri Mar 09 2018(Updated: )
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'system.opkg.remove'.
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Mps110-1 Firmware | <3.29.67 | |
| Schneider-electric Mps110-1 Firmware | ||
| Schneider Electric IMPS110-1ER | <3.29.67 | |
| Schneider-electric Imps110-1er Firmware | ||
| Schneider-electric Ibps110-1er Firmware | <3.29.67 | |
| Schneider-electric Ibps110-1er Firmware | ||
| Schneider Electric IMP1110-1E | <3.29.67 | |
| Schneider Electric IMP1110-1 | ||
| Schneider Electric IMP1110-1E | <3.29.67 | |
| Schneider Electric IMP1110-1E | ||
| Schneider Electric IMP1110-1 | <3.29.67 | |
| Schneider Electric IMP1110-1 | ||
| Schneider Electric IBP1110-1ER | <3.29.67 | |
| Schneider-electric Ibp1110-1er Firmware | ||
| Schneider-electric Imp219-1 Firmware | <3.29.67 | |
| Schneider-electric Imp219-1e Firmware | ||
| Schneider-electric Imp219-1e | <3.29.67 | |
| Schneider-electric Imp219-1e Firmware | ||
| Schneider-electric Imp219-1er Firmware | <3.29.67 | |
| Schneider-electric Imp219-1 | ||
| Schneider-electric Ibp219-1er | <3.29.67 | |
| Schneider-electric Ibp219-1er Firmware | ||
| Schneider Electric Imp319-1er | <3.29.67 | |
| Schneider-electric Imp319-1 Firmware | ||
| Schneider-electric Imp319-1e Firmware | <3.29.67 | |
| Schneider-electric Imp319-1e Firmware | ||
| Schneider-electric IBP319-1ER | <3.29.67 | |
| Schneider-electric IBP319-1ER | ||
| Schneider Electric IMP519-1 | <3.29.67 | |
| Schneider-electric Imp519-1 Firmware | ||
| Schneider Electric Imp319-1er | <3.29.67 | |
| Schneider Electric Imp319-1er | ||
| Schneider-electric Imp519-1e Firmware | <3.29.67 | |
| Schneider-electric Imp519-1e Firmware | ||
| Schneider-electric Imp519-1er Firmware | <3.29.67 | |
| Schneider-electric Imp519-1er Firmware | ||
| Schneider Electric IBP519-1ER | <3.29.67 | |
| Schneider Electric IBP519-1ER | ||
| Schneider-electric Imps110-1e | <3.29.67 | |
| Schneider-electric Imps110-1e Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-7231?
The severity of CVE-2018-7231 has not been explicitly rated in the public database but it potentially allows unauthorized command execution.
How do I fix CVE-2018-7231?
To fix CVE-2018-7231, upgrade the affected firmware to version 3.29.67 or later.
Which products are affected by CVE-2018-7231?
CVE-2018-7231 affects Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67.
What type of vulnerability is CVE-2018-7231?
CVE-2018-7231 is a command injection vulnerability due to inadequate validation of shell meta characters.
Can I exploit CVE-2018-7231 remotely?
Yes, CVE-2018-7231 can potentially be exploited remotely due to the lack of validation in the affected devices.
- agent/type
- agent/weakness
- agent/references
- agent/remedy
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/schneider-electric
- canonical/schneider-electric mps110-1 firmware
- canonical/schneider electric imps110-1er
- canonical/schneider-electric imps110-1er firmware
- canonical/schneider-electric ibps110-1er firmware
- canonical/schneider electric imp1110-1e
- canonical/schneider electric imp1110-1
- canonical/schneider electric ibp1110-1er
- canonical/schneider-electric ibp1110-1er firmware
- canonical/schneider-electric imp219-1 firmware
- canonical/schneider-electric imp219-1e firmware
- canonical/schneider-electric imp219-1e
- canonical/schneider-electric imp219-1er firmware
- canonical/schneider-electric imp219-1
- canonical/schneider-electric ibp219-1er
- canonical/schneider-electric ibp219-1er firmware
- canonical/schneider electric imp319-1er
- canonical/schneider-electric imp319-1 firmware
- canonical/schneider-electric imp319-1e firmware
- canonical/schneider-electric ibp319-1er
- canonical/schneider electric imp519-1
- canonical/schneider-electric imp519-1 firmware
- canonical/schneider-electric imp519-1e firmware
- canonical/schneider-electric imp519-1er firmware
- canonical/schneider electric ibp519-1er
- canonical/schneider-electric imps110-1e
- canonical/schneider-electric imps110-1e firmware