CVE-2018-7244
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
18/04/2018
Last modified:
23/05/2018
Description
An information disclosure vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to obtain sensitive device information if network access was obtained.
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:h:schneider-electric:66074_mge_network_management_card_transverse:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:mge_comet_ups:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:mge_eps_6000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:mge_eps_7000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:mge_eps_8000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:mge_galaxy_3000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:mge_galaxy_4000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:mge_galaxy_5000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:mge_galaxy_6000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:mge_galaxy_9000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:schneider-electric:mge_galaxy_pw:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page