Vulnerability Description
An authorization bypass vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to get a full access to device, bypassing the authorization system.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | 66074 Mge Network Management Card Transverse | - |
| Schneider-Electric | Mge Comet Ups | - |
| Schneider-Electric | Mge Eps 6000 | - |
| Schneider-Electric | Mge Eps 7000 | - |
| Schneider-Electric | Mge Eps 8000 | - |
| Schneider-Electric | Mge Galaxy 3000 | - |
| Schneider-Electric | Mge Galaxy 4000 | - |
| Schneider-Electric | Mge Galaxy 5000 | - |
| Schneider-Electric | Mge Galaxy 6000 | - |
| Schneider-Electric | Mge Galaxy 9000 | - |
| Schneider-Electric | Mge Galaxy Pw | - |
References
- https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/Vendor Advisory
- https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/Vendor Advisory
FAQ
What is CVE-2018-7243?
CVE-2018-7243 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An authorization bypass vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the a...
How severe is CVE-2018-7243?
CVE-2018-7243 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-7243?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric 66074 Mge Network Management Card Transverse, Schneider-Electric Mge Comet Ups, Schneider-Electric Mge Eps 6000, Schneider-Electric Mge Eps 7000, Schneider-Electric Mge Eps 8000.