Schneider-Electric: >> Pelco Videoxpert Security Vulnerabilities
A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. By sniffing communications, an unauthorized person can execute a directory traversal attack resulting in authentication bypass or session hijack.
CVSS Score
6.9
EPSS Score
0.005
Published
2018-01-02
An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. Using a directory traversal attack, an unauthorized person can view web server files.
CVSS Score
5.8
EPSS Score
0.019
Published
2018-01-02
A privilege escalation vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. By replacing certain files, an unauthorized user can obtain system privileges and the inserted code would execute at an elevated privilege level.
CVSS Score
7.1
EPSS Score
0.005
Published
2018-01-02