CVE-2018-7245
Last modified
CVE-2018-7245 is a vulnerability of currently unknown severity. An improper authorization vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to change UPS control and shutdown parameters or other critical settings without authorization.. EPSS estimates a 1.26% chance of exploitation in the next 30 days.
Description
An improper authorization vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to change UPS control and shutdown parameters or other critical settings without authorization.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | 66074 Mge Network Management Card Transverse | All versions |
References
- https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/Mitigation, Vendor Advisory
- https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/Mitigation, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-7245?
How severe is CVE-2018-7245?
How do I fix CVE-2018-7245?
Are you affected by CVE-2018-7245?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST