CVE-2018-7245
Severity Score
9.1
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An improper authorization vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to change UPS control and shutdown parameters or other critical settings without authorization.
Existe una vulnerabilidad de autorización incorrecta en 66074 MGE Network Management Card Transverse, de Schneider Electric, instalados en MGE UPS y MGE STS. El servidor web integrado (Port 80/443/TCP) de los dispositivos afectados podría permitir que un atacante remoto cambie los parámetros UPS de control y cierre u otras opciones críticas sin autorización.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-02-19 CVE Reserved
- 2018-04-18 CVE Published
- 2024-02-26 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01 | 2019-10-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Schneider-electric Search vendor "Schneider-electric" | 66074 Mge Network Management Card Transverse Search vendor "Schneider-electric" for product "66074 Mge Network Management Card Transverse" | - | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Mge Comet Ups Search vendor "Schneider-electric" for product "Mge Comet Ups" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 66074 Mge Network Management Card Transverse Search vendor "Schneider-electric" for product "66074 Mge Network Management Card Transverse" | - | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Mge Eps 6000 Search vendor "Schneider-electric" for product "Mge Eps 6000" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 66074 Mge Network Management Card Transverse Search vendor "Schneider-electric" for product "66074 Mge Network Management Card Transverse" | - | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Mge Eps 7000 Search vendor "Schneider-electric" for product "Mge Eps 7000" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 66074 Mge Network Management Card Transverse Search vendor "Schneider-electric" for product "66074 Mge Network Management Card Transverse" | - | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Mge Eps 8000 Search vendor "Schneider-electric" for product "Mge Eps 8000" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 66074 Mge Network Management Card Transverse Search vendor "Schneider-electric" for product "66074 Mge Network Management Card Transverse" | - | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Mge Galaxy 3000 Search vendor "Schneider-electric" for product "Mge Galaxy 3000" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 66074 Mge Network Management Card Transverse Search vendor "Schneider-electric" for product "66074 Mge Network Management Card Transverse" | - | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Mge Galaxy 4000 Search vendor "Schneider-electric" for product "Mge Galaxy 4000" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 66074 Mge Network Management Card Transverse Search vendor "Schneider-electric" for product "66074 Mge Network Management Card Transverse" | - | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Mge Galaxy 5000 Search vendor "Schneider-electric" for product "Mge Galaxy 5000" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 66074 Mge Network Management Card Transverse Search vendor "Schneider-electric" for product "66074 Mge Network Management Card Transverse" | - | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Mge Galaxy 6000 Search vendor "Schneider-electric" for product "Mge Galaxy 6000" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 66074 Mge Network Management Card Transverse Search vendor "Schneider-electric" for product "66074 Mge Network Management Card Transverse" | - | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Mge Galaxy 9000 Search vendor "Schneider-electric" for product "Mge Galaxy 9000" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 66074 Mge Network Management Card Transverse Search vendor "Schneider-electric" for product "66074 Mge Network Management Card Transverse" | - | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Mge Galaxy Pw Search vendor "Schneider-electric" for product "Mge Galaxy Pw" | - | - |
Safe
|