A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to discover an administrative account. If default on device, it is not using a SSL in settings and if multiple request of the page "Access Control" (IP-address device/ups/pas_cont.htm) account data will be sent in cleartext
References
Link | Resource |
---|---|
https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/ | Mitigation Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: schneider
Published: 2018-04-18T20:00:00
Updated: 2018-04-18T19:57:01
Reserved: 2018-02-19T00:00:00
Link: CVE-2018-7246
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-04-18T20:29:00.577
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-7246
JSON object: View
Redhat Information
No data.
CWE