CVE-2018-7229
CRITICAL
Schneider Electric Pelco Sarix Professional < 3.29.67 - Unauthenticated Authentication Bypass via Hardcoded Credentials
Title source: llm
Description
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges because of the use of hardcoded credentials.
References (1)
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/
Scores
CVSS v3
9.8
EPSS
0.0051
EPSS Percentile
66.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (20)
schneider-electric/ibp1110-1er_firmware
< 3.29.67
schneider-electric/ibp219-1er_firmware
< 3.29.67
schneider-electric/ibp319-1er_firmware
< 3.29.67
schneider-electric/ibp519-1er_firmware
< 3.29.67
schneider-electric/ibps110-1er_firmware
< 3.29.67
schneider-electric/imp1110-1_firmware
< 3.29.67
schneider-electric/imp1110-1e_firmware
< 3.29.67
schneider-electric/imp1110-1er_firmware
< 3.29.67
schneider-electric/imp219-1_firmware
< 3.29.67
schneider-electric/imp219-1e_firmware
< 3.29.67
... and 10 more
Published
Mar 09, 2018
Tracked Since
Feb 18, 2026