Vulnerabilities > Schneider Electric > Imp1110 1ER Firmware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-03 | CVE-2018-7780 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric products In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, a buffer overflow vulnerability exist in cgi program "set". | 7.5 |
| 2018-03-09 | CVE-2018-7238 | Classic Buffer Overflow vulnerability in Schneider-Electric products A buffer overflow vulnerability exist in the web-based GUI of Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to execute arbitrary code. | 7.5 |
| 2018-03-09 | CVE-2018-7235 | Improper Input Validation vulnerability in Schneider-Electric products A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sd_file' | 7.8 |
| 2018-03-09 | CVE-2018-7234 | Improper Certificate Validation vulnerability in Schneider-Electric products A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of SSL certificate. | 7.8 |
| 2018-03-09 | CVE-2018-7233 | Improper Input Validation vulnerability in Schneider-Electric products A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'model_name' or 'mac_address'. | 7.5 |
| 2018-03-09 | CVE-2018-7232 | Improper Input Validation vulnerability in Schneider-Electric products A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'network.ieee8021x.delete_certs'. | 7.5 |
| 2018-03-09 | CVE-2018-7231 | Improper Input Validation vulnerability in Schneider-Electric products A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'system.opkg.remove'. | 7.5 |
| 2018-03-09 | CVE-2018-7229 | Use of Hard-coded Credentials vulnerability in Schneider-Electric products A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges because the use of hardcoded credentials. | 7.5 |
| 2018-03-09 | CVE-2018-7228 | Improper Authentication vulnerability in Schneider-Electric products A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and get the administrator privileges. | 7.5 |