First published: Fri Mar 09 2018
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67: the lack of authentication for /login/bin/set_param could allow the SSH service to be enabled.
Credit: cybersecurity@se.com
Affected Software | Affected Version | How to fix |
---|---|---|
Schneider-electric Mps110-1 Firmware | <3.29.67 | |
Schneider-electric Mps110-1 Firmware | | |
IMPS110-1ER Firmware | <3.29.67 | |
Schneider-electric Imps110-1er Firmware | | |
Schneider-electric Ibps110-1er Firmware | <3.29.67 | |
Schneider-electric Ibps110-1er Firmware | | |
Schneider Electric IMP1110-1E | <3.29.67 | |
Schneider Electric IMP1110-1 | | |
Schneider Electric IMP1110-1E | <3.29.67 | |
Schneider Electric IMP1110-1E | | |
Schneider Electric IMP1110-1 | <3.29.67 | |
Schneider Electric IMP1110-1 | | |
Schneider Electric IBP1110-1ER | <3.29.67 | |
Schneider-electric Ibp1110-1er Firmware | | |
Schneider Electric IMP219-1E | <3.29.67 | |
Schneider Electric Imp219-1 | | |
Schneider Electric Imp219-1e Firmware | <3.29.67 | |
Schneider Electric IMP219-1E | | |
Schneider Electric Imp219-1er Firmware | <3.29.67 | |
Schneider-electric Imp219-1 | | |
Schneider Electric IBP219-1ER Firmware | <3.29.67 | |
Schneider Electric IBP219-1ER | | |
Schneider Electric IMP319-1E Firmware | <3.29.67 | |
Schneider-electric Imp319-1 Firmware | | |
Schneider Electric IMP319-1E Firmware | <3.29.67 | |
Schneider-electric Imp319-1e Firmware | | |
Schneider-electric IBP319-1ER | <3.29.67 | |
Schneider Electric IBP319-1ER | | |
Schneider Electric IMP519-1 Firmware | <3.29.67 | |
Schneider-electric Imp519-1 Firmware | | |
Schneider Electric Imp319-1er | <3.29.67 | |
Schneider Electric Imp319-1er | | |
Schneider Electric IMP519-1 Firmware | <3.29.67 | |
Schneider-electric Imp519-1e Firmware | | |
Schneider Electric IMP519-1 Firmware | <3.29.67 | |
Schneider-electric Imp519-1er Firmware | | |
Schneider Electric IBP519-1ER | <3.29.67 | |
Schneider Electric IBP519-1ER | | |
Schneider Electric IMPS110-1E | <3.29.67 | |
Schneider Electric IMPS110-1E | | |
CVE-2018-7236 is classified as a high severity vulnerability due to the potential unauthorized access it allows through the SSH service.
To fix CVE-2018-7236, update the firmware of Schneider Electric's Pelco Sarix Professional devices to version 3.29.67 or later.
CVE-2018-7236 affects all firmware versions prior to 3.29.67 of Schneider Electric's Pelco Sarix Professional Series.
CVE-2018-7236 can expose systems to unauthorized SSH access, posing significant security risks including data breaches.
CVE-2018-7236 is considered easily exploitable because /login/bin/set_param lacks authentication.