CVE-2018-7243

Summary

An authorization bypass vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to get a full access to device, bypassing the authorization system.

Affected Software

VendorProductVersion RangeStatus
Schneider Electric SE66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STSMGE Network Management Card Transverse, part number: SF66074. All card versions affected, when installed in following products: MGE Galaxy 5000, MGE Galaxy 6000, MGE Galaxy 9000, MGE EPS 7000, MGE EPS 8000, MGE EPS 6000, MGE Comet UPS, MGE Galaxy PW, MGE Galaxy 3000, MGE Galaxy 4000affected

Weaknesses

  • Authorization Bypass

ADP Enrichment

CVE Program Container

Additional References

References