CVE-2018-7781

HIGH

Schneider-electric Imps110-1 Firmware < 3.29.69 - Missing Encryption

Title source: rule

Description

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, by sending a specially crafted request an authenticated user can view password in clear text and results in privilege escalation.

References (1)

[Vendor Advisory] https://www.schneider-electric.com/en/download/document/SEVD-2018-114-01/

Scores

CVSS v3 8.8

EPSS 0.0014

EPSS Percentile 33.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-311

Status published

Products (20)

schneider-electric/ibp1110-1er_firmware < 3.29.69

schneider-electric/ibp219-1er_firmware < 3.29.69

schneider-electric/ibp319-1er_firmware < 3.29.69

schneider-electric/ibp519-1er_firmware < 3.29.69

schneider-electric/ibps110-1er_firmware < 3.29.69

schneider-electric/imp1110-1_firmware < 3.29.69

schneider-electric/imp1110-1e_firmware < 3.29.69

schneider-electric/imp1110-1er_firmware < 3.29.69

schneider-electric/imp219-1_firmware < 3.29.69

schneider-electric/imp219-1e_firmware < 3.29.69

... and 10 more

Published Jul 03, 2018

Tracked Since Feb 18, 2026