CVE-2018-7245
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
18/04/2018
Last modified:
03/10/2019
Description
An improper authorization vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to change UPS control and shutdown parameters or other critical settings without authorization.
Impact
Base Score 3.x
9.10
Severity 3.x
CRITICAL
Base Score 2.0
6.40
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:h:schneider-electric:66074_mge_network_management_card_transverse:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:mge_comet_ups:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:mge_eps_6000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:mge_eps_7000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:mge_eps_8000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:mge_galaxy_3000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:mge_galaxy_4000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:mge_galaxy_5000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:mge_galaxy_6000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:mge_galaxy_9000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:mge_galaxy_pw:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page