Vulnerability Description
A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Ap9630 Firmware | < 6.7.2 |
| Schneider-Electric | Ap9630 | - |
| Schneider-Electric | Smart-Ups Srt 5Kva Firmware | < 6.7.2 |
| Schneider-Electric | Smart-Ups Srt 5Kva | - |
| Schneider-Electric | Ap9631 Firmware | < 6.7.2 |
| Schneider-Electric | Ap9631 | - |
| Schneider-Electric | Ap9635 Firmware | < 6.7.2 |
| Schneider-Electric | Ap9635 | - |
References
- https://www.apc.com/salestools/CCON-BFQMXC/CCON-BFQMXC_R0_EN.pdf (Vendor Advisory)
FAQ
What is CVE-2018-7820?
CVE-2018-7820 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitor...
How severe is CVE-2018-7820?
CVE-2018-7820 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-7820?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Ap9630 Firmware, Schneider-Electric Ap9630, Schneider-Electric Smart-Ups Srt 5Kva Firmware, Schneider-Electric Smart-Ups Srt 5Kva, Schneider-Electric Ap9631 Firmware.