1. Home
  2. CVE Database
  3. CVE-2018-7246
CRITICAL · 9.8

CVE-2018-7246

A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (...

Vulnerability Description

A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to discover an administrative account. If default on device, it is not using a SSL in settings and if multiple request of the page "Access Control" (IP-address device/ups/pas_cont.htm) account data will be sent in cleartext

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
Schneider-Electric66074 Mge Network Management Card Transverse-
Schneider-ElectricMge Comet Ups-
Schneider-ElectricMge Eps 6000-
Schneider-ElectricMge Eps 7000-
Schneider-ElectricMge Eps 8000-
Schneider-ElectricMge Galaxy 3000-
Schneider-ElectricMge Galaxy 4000-
Schneider-ElectricMge Galaxy 5000-
Schneider-ElectricMge Galaxy 6000-
Schneider-ElectricMge Galaxy 9000-
Schneider-ElectricMge Galaxy Pw-

Related Weaknesses (CWE)

CWE-319

References

FAQ

What is CVE-2018-7246?

CVE-2018-7246 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (...

How severe is CVE-2018-7246?

CVE-2018-7246 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-7246?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric 66074 Mge Network Management Card Transverse, Schneider-Electric Mge Comet Ups, Schneider-Electric Mge Eps 6000, Schneider-Electric Mge Eps 7000, Schneider-Electric Mge Eps 8000.