A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions before 3.29.67 which could allow a remote malicious user to delete arbitrary system file due to lack of validation of the /login/bin/set_param to the file name with the value of 'system.delete.sd_file'
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
schneider-electric mps110-1_firmware |
||
schneider-electric imps110-1er_firmware |
||
schneider-electric ibps110-1er_firmware |
||
schneider-electric imp1110-1_firmware |
||
schneider-electric imp1110-1e_firmware |
||
schneider-electric imp1110-1er_firmware |
||
schneider-electric ibp1110-1er_firmware |
||
schneider-electric imp219-1_firmware |
||
schneider-electric imp219-1e_firmware |
||
schneider-electric imp219-1er_firmware |
||
schneider-electric ibp219-1er_firmware |
||
schneider-electric imp319-1_firmware |
||
schneider-electric imp319-1e_firmware |
||
schneider-electric ibp319-1er_firmware |
||
schneider-electric imp519-1_firmware |
||
schneider-electric imp319-1er_firmware |
||
schneider-electric imp519-1e_firmware |
||
schneider-electric imp519-1er_firmware |
||
schneider-electric ibp519-1er_firmware |
||
schneider-electric imps110-1e_firmware |