Arbitrary File Download Vulnerability in Pelco Sarix Professional by Schneider Electric
CVE-2018-7234
7.5HIGH
Key Information:
- Vendor
Schneider Electric
- Status
- Vendor
- CVE Published:
- 9 March 2018
What is CVE-2018-7234?
A vulnerability has been identified in Schneider Electric's Pelco Sarix Professional that allows an attacker to download arbitrary system files. This issue arises from inadequate validation of SSL certificates across all firmware versions prior to 3.29.67. Exploiting this flaw could lead to unauthorized access to sensitive data and system components, raising serious security concerns for organizations utilizing this software.
Affected Version(s)
Pelco Sarix Professional all firmware versions prior to 3.29.74