Schneider-Electric: >> Ibp519-1er Security Vulnerabilities
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of SSL certificate.
CVSS Score
7.5
EPSS Score
0.001
Published
2018-03-09
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sd_file'
CVSS Score
7.5
EPSS Score
0.003
Published
2018-03-09
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could enable SSH service due to lack of authentication for /login/bin/set_param could enable SSH service.
CVSS Score
8.1
EPSS Score
0.002
Published
2018-03-09
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow a remote attacker to delete arbitrary system file due to lack of validation of the /login/bin/set_param to the file name with the value of 'system.delete.sd_file'
CVSS Score
9.1
EPSS Score
0.005
Published
2018-03-09
A buffer overflow vulnerability exist in the web-based GUI of Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.027
Published
2018-03-09
Page 2