Vulnerabilities > Schneider Electric > Imp319 1E Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-09 | CVE-2018-7231 | Improper Input Validation vulnerability in Schneider-Electric products A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'system.opkg.remove'. | 9.8 |
| 2018-03-09 | CVE-2018-7230 | XXE vulnerability in Schneider-Electric products A XML external entity (XXE) vulnerability exists in the import.cgi of the web interface component of the Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67. | 8.8 |
| 2018-03-09 | CVE-2018-7229 | Use of Hard-coded Credentials vulnerability in Schneider-Electric products A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges because the use of hardcoded credentials. | 9.8 |
| 2018-03-09 | CVE-2018-7228 | Improper Authentication vulnerability in Schneider-Electric products A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and get the administrator privileges. | 9.8 |
| 2018-03-09 | CVE-2018-7227 | Improper Authentication vulnerability in Schneider-Electric products A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow retrieving of specially crafted URLs without authentication that can reveal sensitive information to an attacker. | 5.3 |