Vulnerability Description
An improper authorization vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to change UPS control and shutdown parameters or other critical settings without authorization.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | 66074 Mge Network Management Card Transverse | - |
| Schneider-Electric | Mge Comet Ups | - |
| Schneider-Electric | Mge Eps 6000 | - |
| Schneider-Electric | Mge Eps 7000 | - |
| Schneider-Electric | Mge Eps 8000 | - |
| Schneider-Electric | Mge Galaxy 3000 | - |
| Schneider-Electric | Mge Galaxy 4000 | - |
| Schneider-Electric | Mge Galaxy 5000 | - |
| Schneider-Electric | Mge Galaxy 6000 | - |
| Schneider-Electric | Mge Galaxy 9000 | - |
| Schneider-Electric | Mge Galaxy Pw | - |
Related Weaknesses (CWE)
References
- https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/MitigationVendor Advisory
- https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/MitigationVendor Advisory
FAQ
What is CVE-2018-7245?
CVE-2018-7245 is a vulnerability with a CVSS score of 9.1 (CRITICAL). An improper authorization vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the...
How severe is CVE-2018-7245?
CVE-2018-7245 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-7245?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric 66074 Mge Network Management Card Transverse, Schneider-Electric Mge Comet Ups, Schneider-Electric Mge Eps 6000, Schneider-Electric Mge Eps 7000, Schneider-Electric Mge Eps 8000.