CVE-2018-7246
Last modified
CVE-2018-7246 is a vulnerability of currently unknown severity. A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to discover an administrative account. EPSS estimates a 0.85% chance of exploitation in the next 30 days.
Description
A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to discover an administrative account. If default on device, it is not using a SSL in settings and if multiple request of the page "Access Control" (IP-address device/ups/pas_cont.htm) account data will be sent in cleartext
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | 66074 Mge Network Management Card Transverse | All versions |
References
- https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/Mitigation, Vendor Advisory
- https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/Mitigation, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-7246?
How severe is CVE-2018-7246?
How do I fix CVE-2018-7246?
Are you affected by CVE-2018-7246?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST