CVE-2018-7230
HIGH
Schneider Electric Pelco Sarix Professional < 3.29.67 - XML External Entity Injection via Web Interface Import
Title source: llm
Description
An XML external entity (XXE) vulnerability exists in import.cgi of the web interface component of Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/
Scores
CVSS v3
8.8
EPSS
0.0034
EPSS Percentile
57.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-611
Status
published
Products (20)
schneider-electric/ibp1110-1er_firmware
< 3.29.67
schneider-electric/ibp219-1er_firmware
< 3.29.67
schneider-electric/ibp319-1er_firmware
< 3.29.67
schneider-electric/ibp519-1er_firmware
< 3.29.67
schneider-electric/ibps110-1er_firmware
< 3.29.67
schneider-electric/imp1110-1_firmware
< 3.29.67
schneider-electric/imp1110-1e_firmware
< 3.29.67
schneider-electric/imp1110-1er_firmware
< 3.29.67
schneider-electric/imp219-1_firmware
< 3.29.67
schneider-electric/imp219-1e_firmware
< 3.29.67
... and 10 more
Published
Mar 09, 2018
Tracked Since
Feb 18, 2026