Vulnerability Details CVE-2018-7235
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to a lack of validation of shell metacharacters in the value of 'system.download.sd_file'.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.8
Products affected by CVE-2018-7235
- cpe:2.3:h:schneider-electric:ibp1110-1er:-
- cpe:2.3:h:schneider-electric:ibp219-1er:-
- cpe:2.3:h:schneider-electric:ibp319-1er:-
- cpe:2.3:h:schneider-electric:ibp519-1er:-
- cpe:2.3:h:schneider-electric:ibps110-1er:-
- cpe:2.3:h:schneider-electric:imp1110-1:-
- cpe:2.3:h:schneider-electric:imp1110-1e:-
- cpe:2.3:h:schneider-electric:imp1110-1er:-
- cpe:2.3:h:schneider-electric:imp219-1:-
- cpe:2.3:h:schneider-electric:imp219-1e:-
- cpe:2.3:h:schneider-electric:imp219-1er:-
- cpe:2.3:h:schneider-electric:imp319-1:-
- cpe:2.3:h:schneider-electric:imp319-1e:-
- cpe:2.3:h:schneider-electric:imp319-1er:-
- cpe:2.3:h:schneider-electric:imp519-1:-
- cpe:2.3:h:schneider-electric:imp519-1e:-
- cpe:2.3:h:schneider-electric:imp519-1er:-
- cpe:2.3:h:schneider-electric:imps110-1e:-
- cpe:2.3:h:schneider-electric:imps110-1er:-
- cpe:2.3:h:schneider-electric:mps110-1:-
- cpe:2.3:o:schneider-electric:ibp1110-1er_firmware:*
- cpe:2.3:o:schneider-electric:ibp219-1er_firmware:*
- cpe:2.3:o:schneider-electric:ibp319-1er_firmware:*
- cpe:2.3:o:schneider-electric:ibp519-1er_firmware:*
- cpe:2.3:o:schneider-electric:ibps110-1er_firmware:*
- cpe:2.3:o:schneider-electric:imp1110-1_firmware:*
- cpe:2.3:o:schneider-electric:imp1110-1e_firmware:*
- cpe:2.3:o:schneider-electric:imp1110-1er_firmware:*
- cpe:2.3:o:schneider-electric:imp219-1_firmware:*
- cpe:2.3:o:schneider-electric:imp219-1e_firmware:*
- cpe:2.3:o:schneider-electric:imp219-1er_firmware:*
- cpe:2.3:o:schneider-electric:imp319-1_firmware:*
- cpe:2.3:o:schneider-electric:imp319-1e_firmware:*
- cpe:2.3:o:schneider-electric:imp319-1er_firmware:*
- cpe:2.3:o:schneider-electric:imp519-1_firmware:*
- cpe:2.3:o:schneider-electric:imp519-1e_firmware:*
- cpe:2.3:o:schneider-electric:imp519-1er_firmware:*
- cpe:2.3:o:schneider-electric:imps110-1e_firmware:*
- cpe:2.3:o:schneider-electric:imps110-1er_firmware:*
- cpe:2.3:o:schneider-electric:mps110-1_firmware:*