First published: Wed May 22 2019
A Cross-Site Request Forgery (CSRF) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera when an authenticated user clicks a specially crafted malicious link while logged into the camera.
Credit: cybersecurity@se.com
Affected Software | Affected Version | How to fix |
---|---|---|
Schneider Electric D6220 | >=2.11 | |
Schneider Electric D6220 | ||
Schneider-electric D6230 Firmware | >=2.11 | |
Schneider-electric D6230 Firmware | ||
Schneider Electric D6230L Firmware | >=2.11 | |
Schneider Electric D6230L Firmware | ||
Schneider-electric Imes19-1i | <2.2.3.0 | |
Schneider-electric Imes19-1i Firmware | ||
Schneider Electric IMES19-1S Firmware | <2.2.3.0 | |
Schneider-electric Imes19-1s Firmware | ||
Schneider Electric IMES19-1P | <2.2.3.0 | |
Schneider-electric Imes19-1p Firmware | ||
Schneider Electric Ime119-1i Firmware | <2.2.3.0 | |
Schneider Electric Ime119-1i | ||
Schneider Electric Ime119-1s Firmware | <2.2.3.0 | |
Schneider-electric Ime119-1s Firmware | ||
Schneider-electric Ime119-1ei Firmware | <2.2.3.0 | |
Schneider-electric Ime119-1ei Firmware | ||
Schneider Electric Ime219-1i Firmware | <2.2.3.0 | |
Schneider-electric Ime219-1i Firmware | ||
Schneider-electric Ime219-1s Firmware | <2.2.3.0 | |
Schneider-electric Ime219-1s Firmware | ||
Schneider Electric Ime219-1p | <2.2.3.0 | |
Schneider Electric Ime219-1p | ||
Schneider Electric IME319-1i Firmware | <2.2.3.0 | |
Schneider Electric IME319-1i Firmware | ||
Schneider Electric Ime319-1s Firmware | <2.2.3.0 | |
Schneider-electric Ime319-1s Firmware | ||
Schneider Electric Ime319-1P Firmware | <2.2.3.0 | |
Schneider Electric Ime319-1P | ||
Schneider-electric Ime319-b1i Firmware | <2.2.3.0 | |
Schneider-electric Ime319-b1i Firmware | ||
Schneider Electric Ime319-B1S | <2.2.3.0 | |
Schneider-electric Ime319-b1s Firmware | ||
Schneider-electric Ime319-b1p | <2.2.3.0 | |
Schneider Electric IME319-B1P | ||
Schneider Electric Ime3122-1i Firmware | <2.2.3.0 | |
Schneider-electric Ime3122-1i Firmware | ||
Schneider Electric Ime3122-B1i Firmware | <2.2.3.0 | |
Schneider-electric Ime3122-b1i Firmware | ||
Schneider Electric Ime3122-1s Firmware | <2.2.3.0 | |
Schneider-electric Ime3122-1s Firmware | ||
Schneider Electric IME3122-B1S | <2.2.3.0 | |
Schneider Electric IME3122-B1S | ||
Schneider Electric Ime3122 Firmware | <2.2.3.0 | |
Schneider-electric Ime3122-1p Firmware | ||
Schneider-electric Ime3122-b1p Firmware | <2.2.3.0 | |
Schneider-electric Ime3122-b1p Firmware | ||
Schneider-electric Imes19-1ep | <2.2.3.0 | |
Schneider-electric Imes19-1ei Firmware | ||
Schneider Electric IMES19-1ES Firmware | <2.2.3.0 | |
Schneider-electric Imes19-1es Firmware | ||
Schneider-electric Imes19-1ep | <2.2.3.0 | |
Schneider-electric Imes19-1ep Firmware | ||
Schneider Electric Ime119-1ei Firmware | <2.2.3.0 | |
Schneider-electric Ime119-1ei Firmware | ||
Schneider Electric Ime119-1es Firmware | <2.2.3.0 | |
Schneider Electric Ime119-1es | ||
Schneider Electric Ime119-1ep Firmware | <2.2.3.0 | |
Schneider Electric Ime119-1ep Firmware | ||
Schneider-electric Ime219-1ei Firmware | <2.2.3.0 | |
Schneider Electric Ime219-1ei | ||
Schneider Electric Ime219-1es Firmware | <2.2.3.0 | |
Schneider Electric Ime219-1es | ||
Schneider Electric Ime219-1ep Firmware | <2.2.3.0 | |
Schneider-electric Ime219-1ep Firmware | ||
Schneider-electric Ime319-1ei Firmware | <2.2.3.0 | |
Schneider-electric Ime319-1ei Firmware | ||
Schneider Electric IME319-1ES Firmware | <2.2.3.0 | |
Schneider Electric IME319-1ES Firmware | ||
Schneider-electric Ime319-1ep Firmware | <2.2.3.0 | |
Schneider-electric Ime319-1ep Firmware | ||
Schneider Electric Ime3122-1ei Firmware | <2.2.3.0 | |
Schneider-electric Ime3122-1ei Firmware | ||
Schneider Electric Ime3122-1es Firmware | <2.2.3.0 | |
Schneider Electric Ime3122-1es Firmware | ||
Schneider Electric Ime3122 Firmware | <2.2.3.0 | |
Schneider-electric Ime3122-1ep Firmware | ||
Schneider-electric IMES 19-1VI | <2.2.3.0 | |
Schneider-electric IMES 19-1VI | ||
Schneider Electric IMES 19-1 VS | <2.2.3.0 | |
Schneider-electric Imes19-1vs Firmware | ||
Schneider Electric IMES19-1VP Firmware | <2.2.3.0 | |
Schneider-electric Imes19-1vp Firmware | ||
Schneider Electric Ime119-1vi | <2.2.3.0 | |
Schneider-electric Ime119-1vi Firmware | ||
Schneider Electric Ime119-1vs Firmware | <2.2.3.0 | |
Schneider-electric Ime119-1vs Firmware | ||
Schneider-electric Ime119-1vp Firmware | <2.2.3.0 | |
Schneider Electric Ime119-1vp | ||
Schneider-electric Ime219-1vi Firmware | <2.2.3.0 | |
Schneider-electric Ime219-1vi Firmware | ||
Schneider-electric Ime219-1vs Firmware | <2.2.3.0 | |
Schneider-electric Ime219-1vs Firmware | ||
Schneider Electric Ime219-1vp | <2.2.3.0 | |
Schneider Electric Ime219-1vp | ||
Schneider Electric IME319-1VI | <2.2.3.0 | |
Schneider Electric IME319-1VI | ||
Schneider-electric Ime319-1vs Firmware | <2.2.3.0 | |
Schneider Electric Ime319-1vs | ||
Schneider Electric IME319-1VP | <2.2.3.0 | |
Schneider-electric Ime319-1vp Firmware | ||
Schneider Electric Ime3122-1vi Firmware | <2.2.3.0 | |
Schneider-electric Ime3122-1vi Firmware | ||
Schneider Electric Ime3122-1vs Firmware | <2.2.3.0 | |
Schneider Electric IME3122-1VS | ||
Schneider Electric Ime3122-1vp Firmware | <2.2.3.0 | |
Schneider-electric Ime3122-1vp Firmware | ||
Schneider-electric Ixes1 Firmware | <2.2.3.0 | |
Schneider-electric Ixes1 Firmware | ||
Schneider Electric Ixe11 | <2.2.3.0 | |
Schneider Electric Ixe11 | ||
Ixe21 | <2.2.3.0 | |
Ixe21 | ||
Schneider Electric Ixe31 Firmware | <2.2.3.0 | |
Schneider Electric Ixe31 | ||
CVE-2018-7828 is classified as a medium severity Cross-Site Request Forgery (CSRF) vulnerability.
To mitigate CVE-2018-7828, ensure that your camera firmware is updated to a version higher than 2.11.
Devices affected by CVE-2018-7828 include certain models of Schneider Electric's D6220 and D6230 cameras with firmware version 2.11 or lower.
CVE-2018-7828 involves a Cross-Site Request Forgery (CSRF) attack that can be triggered by an authenticated user clicking a malicious link.
Currently, the recommended workaround for CVE-2018-7828 is to avoid clicking unknown links while logged into the affected cameras.