CVSS: 8.8EPSS: 0%CPEs: 118EXPL: 0CVE-2018-7826
https://notcve.org/view.php?id=CVE-2018-7826
A Command Injection vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands. Existe una vulnerabilidad de Inyección de comandos en la web-based GUI en la cámara 1st Gen. Pelco Sarix Enhanced, que podría permitir a un atacante remoto ejecutar comandos arbitrarios. • https://www.schneider-electric.com/en/download/document/SEVD-2019-045-03 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 118EXPL: 0CVE-2018-7825
https://notcve.org/view.php?id=CVE-2018-7825
A Command Injection vulnerability exists in the web-based GUI of the 1st Gen PelcoSarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands. Existe una vulnerabilidad de Inyección de comandos en la web-based GUI en la cámara 1st Gen PelcoSarix Enhanced que podría permitir a un atacante remoto ejecutar comandos arbitrarios. • https://www.schneider-electric.com/en/download/document/SEVD-2019-045-03 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 118EXPL: 0CVE-2018-7816
https://notcve.org/view.php?id=CVE-2018-7816
A Permissions, Privileges, and Access Control vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to delete an arbitrary file. Existe una vulnerabilidad de permisos, privilegios y control de acceso en la web-based GUI de la cámara 1st Gen Pelco Sarix Enhanced, que podría permitir que un atacante remoto suprima un archivo arbitrario. • https://www.schneider-electric.com/en/download/document/SEVD-2019-045-03 •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-7824
https://notcve.org/view.php?id=CVE-2018-7824
An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files. Existe una vulnerabilidad de tipo referencias a recurso controlado externamente (CWE-610) en Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 y anterior, para Windows 32-bit OS:V2.17 IE 27 y anterior, y como parte del Driver Suite versión:V14.12 y anterior), que podría permitir el acceso de escritura a los archivos del sistema disponibles solo para usuarios con privilegio SYSTEM u otros archivos de usuarios importantes. • https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 3CVE-2018-7841 – Schneider Electric U.motion Builder SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2018-7841
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered. Existe una vulnerabilidad de Inyección de SQL (CWE-89) en U.motion Builder versión de software 1.3.4, que podría generar la ejecución de código no deseado cuando un ajuste inapropiado de caracteres es introducido. Schneider Electric U.Motion Builder version 1.3.4 suffers from an unauthenticated command injection vulnerability in track_import_export.php. A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered. • https://www.exploit-db.com/exploits/46846 http://packetstormsecurity.com/files/152862/Schneider-Electric-U.Motion-Builder-1.3.4-Command-Injection.html http://seclists.org/fulldisclosure/2019/May/26 https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-02 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •