Vulnerabilities > Schneider Electric > Mps110 1 Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-09 | CVE-2018-7237 | Improper Input Validation vulnerability in Schneider-Electric products A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow a remote attacker to delete arbitrary system file due to lack of validation of the /login/bin/set_param to the file name with the value of 'system.delete.sd_file' | 6.4 |
| 2018-03-09 | CVE-2018-7236 | Improper Authentication vulnerability in Schneider-Electric products A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could enable SSH service due to lack of authentication for /login/bin/set_param could enable SSH service. | 5.8 |
| 2018-03-09 | CVE-2018-7230 | XXE vulnerability in Schneider-Electric products A XML external entity (XXE) vulnerability exists in the import.cgi of the web interface component of the Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67. | 6.8 |
| 2018-03-09 | CVE-2018-7227 | Improper Authentication vulnerability in Schneider-Electric products A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow retrieving of specially crafted URLs without authentication that can reveal sensitive information to an attacker. | 5.0 |