Vulnerabilities > CVE-2018-7243 - Unspecified vulnerability in Schneider-Electric 66074 MGE Network Management Card Transverse

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

schneider-electric

critical

NVD

Published: 2018-04-18

Updated: 2019-10-03

Summary

An authorization bypass vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to get a full access to device, bypassing the authorization system.

Vulnerable Configurations

Part	Description	Count
Hardware	Schneider-Electric Schneider Electric 66074 MGE Network Management Card Transverse - Schneider Electric MGE Comet UPS - Schneider Electric MGE EPS 6000 - Schneider Electric MGE EPS 7000 - Schneider Electric MGE EPS 8000 - Schneider Electric MGE Galaxy 3000 - Schneider Electric MGE Galaxy 4000 - Schneider Electric MGE Galaxy 5000 - Schneider Electric MGE Galaxy 6000 - Schneider Electric MGE Galaxy 9000 - Schneider Electric MGE Galaxy PW -	11

References

https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/