Arbitrary File Download Vulnerability in Pelco Sarix Professional by Schneider Electric
CVE-2018-7234
7.5HIGH
Key Information:
- Vendor
- Schneider Electric
- Status
- Vendor
- CVE Published:
- 9 March 2018
Summary
A vulnerability has been identified in Schneider Electric's Pelco Sarix Professional that allows an attacker to download arbitrary system files. This issue arises from inadequate validation of SSL certificates across all firmware versions prior to 3.29.67. Exploiting this flaw could lead to unauthorized access to sensitive data and system components, raising serious security concerns for organizations utilizing this software.
Affected Version(s)
Pelco Sarix Professional all firmware versions prior to 3.29.74
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved