CVE-2018-7245

Published Apr 18, 2018

Last updated 3 days ago

CVSS critical 9.1

Overview

Description: An improper authorization vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to change UPS control and shutdown parameters or other critical settings without authorization.
Source: cybersecurity@se.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.1
Impact score: 5.2
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 6.4
Impact score: 4.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-863

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:66074_mge_network_management_card_transverse:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DBB8697-64F8-4D15-8B14-CDD51E99FBCF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:mge_comet_ups:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F9837318-C9B6-448E-B701-40929C96795A"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:mge_eps_6000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "98078458-B5AB-4AD2-9E57-390591469F37"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:mge_eps_7000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "05DE2424-0969-491D-A414-81A648F2F801"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:mge_eps_8000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "60DC5EF0-1929-4D67-89BF-47D6F6848411"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:mge_galaxy_3000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "955C94DD-90E6-4AB1-87CC-4EDACEA47DF0"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:mge_galaxy_4000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7FCAE877-B3E9-4970-B0EE-49C64C85715C"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:mge_galaxy_5000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4EBFA4F2-6574-4D58-9B0C-317229DF503E"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:mge_galaxy_6000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "790BF7D0-4E2D-4607-8C47-C4B707538E66"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:mge_galaxy_9000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "54A1FC87-5319-4F69-9228-C664D505B1CC"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:mge_galaxy_pw:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "59D9633E-051F-427A-BADA-61BC8501AAE9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References