CVE-2018-7828

A Cross-Site Request Forgery (CSRF) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera when an authenticated user clicks a specially crafted malicious link while logged into the camera.

Published: May 22, 2019
Updated: Apr 13, 2023
CVE: CVE-2018-7828
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
schneider-electric / d6220_firmware	2.11	2.11.x
schneider-electric / d6220l_firmware	2.11	2.11.x
schneider-electric / d6230_firmware	2.11	2.11.x
schneider-electric / d6230l_firmware	2.11	2.11.x
schneider-electric / imes19-1i_firmware	-	2.2.3.0
schneider-electric / imes19-1s_firmware	-	2.2.3.0
schneider-electric / imes19-1p_firmware	-	2.2.3.0
schneider-electric / ime119-1i_firmware	-	2.2.3.0
schneider-electric / ime119-1s_firmware	-	2.2.3.0
schneider-electric / ime119-1p_firmware	-	2.2.3.0
schneider-electric / ime219-1i_firmware	-	2.2.3.0
schneider-electric / ime219-1s_firmware	-	2.2.3.0
schneider-electric / ime219-1p_firmware	-	2.2.3.0
schneider-electric / ime319-1i_firmware	-	2.2.3.0
schneider-electric / ime319-1s_firmware	-	2.2.3.0
schneider-electric / ime319-1p_firmware	-	2.2.3.0
schneider-electric / ime319-b1i_firmware	-	2.2.3.0
schneider-electric / ime319-b1s_firmware	-	2.2.3.0
schneider-electric / ime319-b1p_firmware	-	2.2.3.0
schneider-electric / ime3122-1i_firmware	-	2.2.3.0
schneider-electric / ime3122-b1i_firmware	-	2.2.3.0
schneider-electric / ime3122-1s_firmware	-	2.2.3.0
schneider-electric / ime3122-b1s_firmware	-	2.2.3.0
schneider-electric / ime3122-1p_firmware	-	2.2.3.0
schneider-electric / ime3122-b1p_firmware	-	2.2.3.0
schneider-electric / imes19-1ei_firmware	-	2.2.3.0
schneider-electric / imes19-1es_firmware	-	2.2.3.0
schneider-electric / imes19-1ep_firmware	-	2.2.3.0
schneider-electric / ime119-1ei_firmware	-	2.2.3.0
schneider-electric / ime119-1es_firmware	-	2.2.3.0
schneider-electric / ime119-1ep_firmware	-	2.2.3.0
schneider-electric / ime219-1ei_firmware	-	2.2.3.0
schneider-electric / ime219-1es_firmware	-	2.2.3.0
schneider-electric / ime219-1ep_firmware	-	2.2.3.0
schneider-electric / ime319-1ei_firmware	-	2.2.3.0
schneider-electric / ime319-1es_firmware	-	2.2.3.0
schneider-electric / ime319-1ep_firmware	-	2.2.3.0
schneider-electric / ime3122-1ei_firmware	-	2.2.3.0
schneider-electric / ime3122-1es_firmware	-	2.2.3.0
schneider-electric / ime3122-1ep_firmware	-	2.2.3.0
schneider-electric / imes19-1vi_firmware	-	2.2.3.0
schneider-electric / imes19-1vs_firmware	-	2.2.3.0
schneider-electric / imes19-1vp_firmware	-	2.2.3.0
schneider-electric / ime119-1vi_firmware	-	2.2.3.0
schneider-electric / ime119-1vs_firmware	-	2.2.3.0
schneider-electric / ime119-1vp_firmware	-	2.2.3.0
schneider-electric / ime219-1vi_firmware	-	2.2.3.0
schneider-electric / ime219-1vs_firmware	-	2.2.3.0
schneider-electric / ime219-1vp_firmware	-	2.2.3.0
schneider-electric / ime319-1vi_firmware	-	2.2.3.0
schneider-electric / ime319-1vs_firmware	-	2.2.3.0
schneider-electric / ime319-1vp_firmware	-	2.2.3.0
schneider-electric / ime3122-1vi_firmware	-	2.2.3.0
schneider-electric / ime3122-1vs_firmware	-	2.2.3.0
schneider-electric / ime3122-1vp_firmware	-	2.2.3.0
schneider-electric / ixes1_firmware	-	2.2.3.0
schneider-electric / ixe11_firmware	-	2.2.3.0
schneider-electric / ixe21_firmware	-	2.2.3.0
schneider-electric / ixe31_firmware	-	2.2.3.0

https://www.schneider-electric.com/en/download/document/SEVD-2019-045-03/

Vulnerability Database

289,697

CVE-2018-7828