CVE-2018-7829 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2018-7829?

CVE-2018-7829 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-7829?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric D6220 Firmware, Schneider-Electric D6220, Schneider-Electric D6220L Firmware, Schneider-Electric D6220L, Schneider-Electric D6230 Firmware.

Vulnerability Description

An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary system commands.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Schneider-Electric	D6220 Firmware	>= 2.11
Schneider-Electric	D6220	-
Schneider-Electric	D6220L Firmware	>= 2.11
Schneider-Electric	D6220L	-
Schneider-Electric	D6230 Firmware	>= 2.11
Schneider-Electric	D6230	-
Schneider-Electric	D6230L Firmware	>= 2.11
Schneider-Electric	D6230L	-
Schneider-Electric	Imes19-1I Firmware	< 2.2.3.0
Schneider-Electric	Imes19-1I	-
Schneider-Electric	Imes19-1S Firmware	< 2.2.3.0
Schneider-Electric	Imes19-1S	-
Schneider-Electric	Imes19-1P Firmware	< 2.2.3.0
Schneider-Electric	Imes19-1P	-
Schneider-Electric	Ime119-1I Firmware	< 2.2.3.0
Schneider-Electric	Ime119-1I	-
Schneider-Electric	Ime119-1S Firmware	< 2.2.3.0
Schneider-Electric	Ime119-1S	-
Schneider-Electric	Ime119-1P Firmware	< 2.2.3.0
Schneider-Electric	Ime119-1P	-

Related Weaknesses (CWE)

CWE-943

References

https://www.schneider-electric.com/en/download/document/SEVD-2019-045-03/MitigationVendor Advisory
https://www.schneider-electric.com/en/download/document/SEVD-2019-045-03/MitigationVendor Advisory

FAQ

What is CVE-2018-7829?

CVE-2018-7829 is a vulnerability with a CVSS score of 8.8 (HIGH). An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary s...

How severe is CVE-2018-7829?

CVE-2018-7829 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-7829?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric D6220 Firmware, Schneider-Electric D6220, Schneider-Electric D6220L Firmware, Schneider-Electric D6220L, Schneider-Electric D6230 Firmware.