CVE-2017-9965

MEDIUM NUCLEI

Schneider-electric Pelco Videoxpert < 2.1 - Path Traversal

Title source: rule

Description

An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. Using a directory traversal attack, an unauthorized person can view web server files.

Nuclei Templates (1)

Schneider Electric Pelco VideoXpert Enterprise 2.0 - Path Traversal

MEDIUMVERIFIEDby 0x_akoko

Shodan: title:"VideoXpert"

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/102338

[Patch, Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-17-355-02

[Various Sources] https://www.schneider-electric.com/en/download/document/SEVD-2017-339-01/

Scores

CVSS v3 5.8

EPSS 0.0009

EPSS Percentile 25.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

schneider-electric/pelco_videoxpert < 2.1

Published Jan 02, 2018

Tracked Since Feb 18, 2026