What is the severity of CVE-2018-7237?

CVE-2018-7237 has a CVSS score of 7.5, indicating a high severity due to potential remote file deletion.

How do I fix CVE-2018-7237?

To mitigate CVE-2018-7237, update the firmware of Schneider Electric's Pelco Sarix Professional to version 3.29.67 or later.

What happens if CVE-2018-7237 is exploited?

If exploited, CVE-2018-7237 allows a remote attacker to delete arbitrary system files, potentially disrupting operations.

Which versions of software are affected by CVE-2018-7237?

CVE-2018-7237 affects all firmware versions of Schneider Electric's Pelco Sarix Professional prior to 3.29.67.

Is there a workaround for CVE-2018-7237?

Currently, the best solution for CVE-2018-7237 is to upgrade to the patched firmware version, as no alternative workaround is specified.

Vulnerability/
CVE-2018-7237

critical

9.1

CWE

1/3/2018

5/8/2024

CVE-2018-7237: Input Validation

First published: Thu Mar 01 2018(Updated: )

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow a remote attacker to delete arbitrary system file due to lack of validation of the /login/bin/set_param to the file name with the value of 'system.delete.sd_file'

Credit: cybersecurity@se.com

Affected Software	Affected Version	How to fix
Schneider-electric Mps110-1 Firmware	<3.29.67
Schneider-electric Mps110-1 Firmware
Schneider Electric IMPS110-1ER	<3.29.67
Schneider-electric Imps110-1er Firmware
Schneider-electric Ibps110-1er Firmware	<3.29.67
Schneider-electric Ibps110-1er Firmware
Schneider Electric IMP1110-1E	<3.29.67
Schneider Electric IMP1110-1
Schneider Electric IMP1110-1E	<3.29.67
Schneider Electric IMP1110-1E
Schneider Electric IMP1110-1	<3.29.67
Schneider Electric IMP1110-1
Schneider Electric IBP1110-1ER	<3.29.67
Schneider-electric Ibp1110-1er Firmware
Schneider-electric Imp219-1 Firmware	<3.29.67
Schneider-electric Imp219-1e Firmware
Schneider-electric Imp219-1e	<3.29.67
Schneider-electric Imp219-1e Firmware
Schneider-electric Imp219-1er Firmware	<3.29.67
Schneider-electric Imp219-1
Schneider-electric Ibp219-1er	<3.29.67
Schneider-electric Ibp219-1er Firmware
Schneider Electric Imp319-1er	<3.29.67
Schneider-electric Imp319-1 Firmware
Schneider-electric Imp319-1e Firmware	<3.29.67
Schneider-electric Imp319-1e Firmware
Schneider-electric IBP319-1ER	<3.29.67
Schneider-electric IBP319-1ER
Schneider Electric IMP519-1	<3.29.67
Schneider-electric Imp519-1 Firmware
Schneider Electric Imp319-1er	<3.29.67
Schneider Electric Imp319-1er
Schneider-electric Imp519-1e Firmware	<3.29.67
Schneider-electric Imp519-1e Firmware
Schneider-electric Imp519-1er Firmware	<3.29.67
Schneider-electric Imp519-1er Firmware
Schneider Electric IBP519-1ER	<3.29.67
Schneider Electric IBP519-1ER
Schneider-electric Imps110-1e	<3.29.67
Schneider-electric Imps110-1e Firmware

Remedy

https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/

Never miss a vulnerability like this again

Reference Links

https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/

Frequently Asked Questions

What is the severity of CVE-2018-7237?
CVE-2018-7237 has a CVSS score of 7.5, indicating a high severity due to potential remote file deletion.
How do I fix CVE-2018-7237?
To mitigate CVE-2018-7237, update the firmware of Schneider Electric's Pelco Sarix Professional to version 3.29.67 or later.
What happens if CVE-2018-7237 is exploited?
If exploited, CVE-2018-7237 allows a remote attacker to delete arbitrary system files, potentially disrupting operations.
Which versions of software are affected by CVE-2018-7237?
CVE-2018-7237 affects all firmware versions of Schneider Electric's Pelco Sarix Professional prior to 3.29.67.
Is there a workaround for CVE-2018-7237?
Currently, the best solution for CVE-2018-7237 is to upgrade to the patched firmware version, as no alternative workaround is specified.

agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/author
agent/references
agent/severity
agent/last-modified-date
agent/remedy
agent/description
agent/event
agent/first-publish-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/schneider-electric
canonical/schneider-electric mps110-1 firmware
canonical/schneider electric imps110-1er
canonical/schneider-electric imps110-1er firmware
canonical/schneider-electric ibps110-1er firmware
canonical/schneider electric imp1110-1e
canonical/schneider electric imp1110-1
canonical/schneider electric ibp1110-1er
canonical/schneider-electric ibp1110-1er firmware
canonical/schneider-electric imp219-1 firmware
canonical/schneider-electric imp219-1e firmware
canonical/schneider-electric imp219-1e
canonical/schneider-electric imp219-1er firmware
canonical/schneider-electric imp219-1
canonical/schneider-electric ibp219-1er
canonical/schneider-electric ibp219-1er firmware
canonical/schneider electric imp319-1er
canonical/schneider-electric imp319-1 firmware
canonical/schneider-electric imp319-1e firmware
canonical/schneider-electric ibp319-1er
canonical/schneider electric imp519-1
canonical/schneider-electric imp519-1 firmware
canonical/schneider-electric imp519-1e firmware
canonical/schneider-electric imp519-1er firmware
canonical/schneider electric ibp519-1er
canonical/schneider-electric imps110-1e
canonical/schneider-electric imps110-1e firmware