CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-461148134] Schneider Electric Pelco VideoXpert Enterprise

Date: 2017-12-21
Type: Other
Platform: Schneider Electric
Author: Gjoko Krstic reported these vulnerabilities to Schneider Electric.
EDB-ID: N/A
CVE-ID: CVE-2017-9964, CVE-2017-9965, CVE-2017-9966
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source

#
# Schneider Electric Pelco VideoXpert Enterprise
#


### VULNERABLE VENDOR
Schneider Electric


### VULNERABLE PRODUCT
Pelco VideoXpert Enterprise 


### RESEARCHER
Gjoko Krstic reported these vulnerabilities to Schneider Electric.


### AFFECTED PRODUCTS
Schneider Electric reports that the vulnerabilities affect the following Pelco VideoXpert Enterprise products:

Pelco VideoXpert Enterprise, all versions prior to 2.1



### IMPACT
Successful exploitation of these vulnerabilities may allow an authorized user to gain system privileges or an unauthorized user to view files.


### VULNERABILITY OVERVIEW
IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
By sniffing communications, an unauthorized person can execute a directory traversal attack resulting in authentication bypass or session hijack.
CVE-2017-9964 has been assigned to this vulnerability.
A CVSS v3 base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N).


IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
Using a directory traversal attack, an unauthorized person can view web server files.
CVE-2017-9965 has been assigned to this vulnerability.
A CVSS v3 base score of 5.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).


IMPROPER ACCESS CONTROL CWE-284
By replacing certain files, an authorized user can obtain system privileges and the inserted code would execute at an elevated privilege level.
CVE-2017-9966 has been assigned to this vulnerability.
A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).





### BACKGROUND
Critical Infrastructure Sector: Commercial facilities
Countries/Areas Deployed: Worldwide
Company Headquarters Location: France




### MITIGATION

Schneider Electric has released firmware Version 2.1 for VideoXpert to address these vulnerabilities. It can be downloaded from the following location:

https://www.pelco.com/search?documentUUID=478b93c1-d908-4438-867f-7bcf849b28a8&title=VideoXpert Core Software v2.1


More information on the new firmware and the issues it was created to address can be found in Schneider Electric Security Notification SEVD-2017-339-01 at the following location:

https://www.schneider-electric.com/en/download/document/SEVD-2017-339-01/