History: Apr 18, 2018 - 8:29 p.m.

CVE-2018-7246

2018-04-18 20:29:00
CWE-319
schneider
web.nvd.nist.gov

CVSS2: 5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.2
Confidence: High

EPSS: 0.003
Percentile: 71.9%

A cleartext transmission of sensitive information vulnerability exists in Schneider Electric’s 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (port 80/443/TCP) of the affected devices could allow remote attackers to discover an administrative account. With the default device settings, SSL is not in use, and if the “Access Control” page (IP-address device/ups/pas_cont.htm) is requested multiple times, account data is sent in cleartext.

Affected configurations

Nvd
Node
schneider-electric 66074_mge_network_management_card_transverse (Match: -)
AND
schneider-electric mge_comet_ups (Match: -)
OR
schneider-electric mge_eps_6000 (Match: -)
OR
schneider-electric mge_eps_7000 (Match: -)
OR
schneider-electric mge_eps_8000 (Match: -)
OR
schneider-electric mge_galaxy_3000 (Match: -)
OR
schneider-electric mge_galaxy_4000 (Match: -)
OR
schneider-electric mge_galaxy_5000 (Match: -)
OR
schneider-electric mge_galaxy_6000 (Match: -)
OR
schneider-electric mge_galaxy_9000 (Match: -)
OR
schneider-electric mge_galaxy_pw (Match: -)

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| schneider-electric | 66074_mge_network_management_card_transverse | - | cpe:2.3:h:schneider-electric:66074_mge_network_management_card_transverse:-:*:*:*:*:*:*:* |
| schneider-electric | mge_comet_ups | - | cpe:2.3:h:schneider-electric:mge_comet_ups:-:*:*:*:*:*:*:* |
| schneider-electric | mge_eps_6000 | - | cpe:2.3:h:schneider-electric:mge_eps_6000:-:*:*:*:*:*:*:* |
| schneider-electric | mge_eps_7000 | - | cpe:2.3:h:schneider-electric:mge_eps_7000:-:*:*:*:*:*:*:* |
| schneider-electric | mge_eps_8000 | - | cpe:2.3:h:schneider-electric:mge_eps_8000:-:*:*:*:*:*:*:* |
| schneider-electric | mge_galaxy_3000 | - | cpe:2.3:h:schneider-electric:mge_galaxy_3000:-:*:*:*:*:*:*:* |
| schneider-electric | mge_galaxy_4000 | - | cpe:2.3:h:schneider-electric:mge_galaxy_4000:-:*:*:*:*:*:*:* |
| schneider-electric | mge_galaxy_5000 | - | cpe:2.3:h:schneider-electric:mge_galaxy_5000:-:*:*:*:*:*:*:* |
| schneider-electric | mge_galaxy_6000 | - | cpe:2.3:h:schneider-electric:mge_galaxy_6000:-:*:*:*:*:*:*:* |
| schneider-electric | mge_galaxy_9000 | - | cpe:2.3:h:schneider-electric:mge_galaxy_9000:-:*:*:*:*:*:*:* |

CNA Affected

[
  {
    "product": "66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS",
    "vendor": "Schneider Electric SE",
    "versions": [
      {
        "status": "affected",
        "version": "MGE Network Management Card Transverse, part number: SF66074. All card versions affected, when installed in following products: MGE Galaxy 5000, MGE Galaxy 6000, MGE Galaxy 9000, MGE EPS 7000, MGE EPS 8000, MGE EPS 6000, MGE Comet UPS, MGE Galaxy PW, MGE Galaxy 3000, MGE Galaxy 4000"
      }
    ]
  }
]
