Vulnerabilities > CVE-2018-7245 - Incorrect Authorization vulnerability in Schneider-Electric 66074 MGE Network Management Card Transverse

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

schneider-electric

CWE-863

critical

NVD

Published: 2018-04-18

Updated: 2019-10-03

Summary

An improper authorization vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to change UPS control and shutdown parameters or other critical settings without authorization.

Vulnerable Configurations

Part	Description	Count
Hardware	Schneider-Electric Schneider Electric 66074 MGE Network Management Card Transverse - Schneider Electric MGE Comet UPS - Schneider Electric MGE EPS 6000 - Schneider Electric MGE EPS 7000 - Schneider Electric MGE EPS 8000 - Schneider Electric MGE Galaxy 3000 - Schneider Electric MGE Galaxy 4000 - Schneider Electric MGE Galaxy 5000 - Schneider Electric MGE Galaxy 6000 - Schneider Electric MGE Galaxy 9000 - Schneider Electric MGE Galaxy PW -	11

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/