CVE-2018-7228

CRITICAL

Schneider Electric Pelco Sarix Professional < 3.29.67 - Unauthenticated Authentication Bypass

Title source: llm

Description

A vulnerability exists in Schneider Electric's Pelco Sarix Professional, in all firmware versions prior to 3.29.67, that could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges.

Scores

CVSS v3 9.8
EPSS 0.0069
EPSS Percentile 72.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-287
Status published
Products (20)
schneider-electric/ibp1110-1er_firmware < 3.29.67
schneider-electric/ibp219-1er_firmware < 3.29.67
schneider-electric/ibp319-1er_firmware < 3.29.67
schneider-electric/ibp519-1er_firmware < 3.29.67
schneider-electric/ibps110-1er_firmware < 3.29.67
schneider-electric/imp1110-1_firmware < 3.29.67
schneider-electric/imp1110-1e_firmware < 3.29.67
schneider-electric/imp1110-1er_firmware < 3.29.67
schneider-electric/imp219-1_firmware < 3.29.67
schneider-electric/imp219-1e_firmware < 3.29.67
... and 10 more
Published Mar 09, 2018
Tracked Since Feb 18, 2026