Vulnerability Description
Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardcoded credentials, which allows remote attackers to obtain access, and consequently execute arbitrary code, via unspecified vectors.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Pelco Digital Sentry Video Management System Firmware | <= 7.6.32.9203 |
References
- http://www.schneider-electric.com/ww/en/download/document/SEVD-2016-153-01PatchVendor Advisory
- http://www.securityfocus.com/bid/91783
- https://ics-cert.us-cert.gov/advisories/ICSA-16-196-01Third Party AdvisoryUS Government Resource
- http://www.schneider-electric.com/ww/en/download/document/SEVD-2016-153-01PatchVendor Advisory
- http://www.securityfocus.com/bid/91783
- https://ics-cert.us-cert.gov/advisories/ICSA-16-196-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2016-4520?
CVE-2016-4520 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardcoded credentials, which allows remote attackers to obtain access, and consequently execute arbitrary ...
How severe is CVE-2016-4520?
CVE-2016-4520 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-4520?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Pelco Digital Sentry Video Management System Firmware.