CVE-2018-7244 - OpenCVE

An information disclosure vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to obtain sensitive device information if network access was obtained.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Schneider-electric	Mge Galaxy Pw Mge Galaxy 4000 Mge Galaxy 3000 Mge Galaxy 5000 Mge Eps 7000 Mge Galaxy 6000 Mge Galaxy 9000 Mge Comet Ups 66074 Mge Network Management Card Transverse Mge Eps 6000 Mge Eps 8000

Configuration 1 [-]

AND

cpe:2.3:h:schneider-electric:66074_mge_network_management_card_transverse:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:mge_comet_ups:-:::::::*
	cpe:2.3:h:schneider-electric:mge_eps_6000:-:::::::*
	cpe:2.3:h:schneider-electric:mge_eps_7000:-:::::::*
	cpe:2.3:h:schneider-electric:mge_eps_8000:-:::::::*
	cpe:2.3:h:schneider-electric:mge_galaxy_3000:-:::::::*
	cpe:2.3:h:schneider-electric:mge_galaxy_4000:-:::::::*
	cpe:2.3:h:schneider-electric:mge_galaxy_5000:-:::::::*
	cpe:2.3:h:schneider-electric:mge_galaxy_6000:-:::::::*
	cpe:2.3:h:schneider-electric:mge_galaxy_9000:-:::::::*
	cpe:2.3:h:schneider-electric:mge_galaxy_pw:-:::::::*

References

Link	Resource
https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: schneider

Published: 2018-04-18T20:00:00

Updated: 2018-04-18T19:57:01

Reserved: 2018-02-19T00:00:00

Link: CVE-2018-7244

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-04-18T20:29:00.480

Modified: 2018-05-23T13:15:16.843

Link: CVE-2018-7244

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS", "vendor": "Schneider Electric SE", "versions": [{"status": "affected", "version": "MGE Network Management Card Transverse, part number: SF66074. All card versions affected, when installed in following products: MGE Galaxy 5000, MGE Galaxy 6000, MGE Galaxy 9000, MGE EPS 7000, MGE EPS 8000, MGE EPS 6000, MGE Comet UPS, MGE Galaxy PW, MGE Galaxy 3000, MGE Galaxy 4000"}]}], "datePublic": "2018-03-15T00:00:00", "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to obtain sensitive device information if network access was obtained."}], "problemTypes": [{"descriptions": [{"description": "Information Exposure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-04-18T19:57:01", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2018-7244", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS", "version": {"version_data": [{"version_value": "MGE Network Management Card Transverse, part number: SF66074. All card versions affected, when installed in following products: MGE Galaxy 5000, MGE Galaxy 6000, MGE Galaxy 9000, MGE EPS 7000, MGE EPS 8000, MGE EPS 6000, MGE Comet UPS, MGE Galaxy PW, MGE Galaxy 3000, MGE Galaxy 4000"}]}}]}, "vendor_name": "Schneider Electric SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An information disclosure vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to obtain sensitive device information if network access was obtained."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Exposure"}]}]}, "references": {"reference_data": [{"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/", "refsource": "CONFIRM", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/"}]}}}}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2018-7244", "datePublished": "2018-04-18T20:00:00", "dateReserved": "2018-02-19T00:00:00", "dateUpdated": "2018-04-18T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:66074_mge_network_management_card_transverse:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DBB8697-64F8-4D15-8B14-CDD51E99FBCF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:mge_comet_ups:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9837318-C9B6-448E-B701-40929C96795A", "vulnerable": false}, {"criteria": "cpe:2.3:h:schneider-electric:mge_eps_6000:-:*:*:*:*:*:*:*", "matchCriteriaId": "98078458-B5AB-4AD2-9E57-390591469F37", "vulnerable": false}, {"criteria": "cpe:2.3:h:schneider-electric:mge_eps_7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "05DE2424-0969-491D-A414-81A648F2F801", "vulnerable": false}, {"criteria": "cpe:2.3:h:schneider-electric:mge_eps_8000:-:*:*:*:*:*:*:*", "matchCriteriaId": "60DC5EF0-1929-4D67-89BF-47D6F6848411", "vulnerable": false}, {"criteria": "cpe:2.3:h:schneider-electric:mge_galaxy_3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "955C94DD-90E6-4AB1-87CC-4EDACEA47DF0", "vulnerable": false}, {"criteria": "cpe:2.3:h:schneider-electric:mge_galaxy_4000:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FCAE877-B3E9-4970-B0EE-49C64C85715C", "vulnerable": false}, {"criteria": "cpe:2.3:h:schneider-electric:mge_galaxy_5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "4EBFA4F2-6574-4D58-9B0C-317229DF503E", "vulnerable": false}, {"criteria": "cpe:2.3:h:schneider-electric:mge_galaxy_6000:-:*:*:*:*:*:*:*", "matchCriteriaId": "790BF7D0-4E2D-4607-8C47-C4B707538E66", "vulnerable": false}, {"criteria": "cpe:2.3:h:schneider-electric:mge_galaxy_9000:-:*:*:*:*:*:*:*", "matchCriteriaId": "54A1FC87-5319-4F69-9228-C664D505B1CC", "vulnerable": false}, {"criteria": "cpe:2.3:h:schneider-electric:mge_galaxy_pw:-:*:*:*:*:*:*:*", "matchCriteriaId": "59D9633E-051F-427A-BADA-61BC8501AAE9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to obtain sensitive device information if network access was obtained."}, {"lang": "es", "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en 66074 MGE Network Management Card Transverse, de Schneider Electric, instalados en MGE UPS y MGE STS. El servidor web integrado (Port 80/443/TCP) de los dispositivos afectados podr\u00eda permitir que un atacante remoto obtenga informaci\u00f3n sensible del dispositivo si obtiene acceso de red."}], "id": "CVE-2018-7244", "lastModified": "2018-05-23T13:15:16.843", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-18T20:29:00.480", "references": [{"source": "cybersecurity@se.com", "tags": ["Vendor Advisory"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}