CVE-2018-7828 - Vulnerability Details

A Cross-Site Request Forgery (CSRF) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera when an authenticated user clicks a specially crafted malicious link while logged into the camera.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00241.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

Pelco Sarix Enhanced and Spectra Enhanced, Pelco Sarix Enhanced 1st generation and Spectra Enhanced PTZ

affected

Version	Status	Constraints
`Pelco Sarix Enhanced and Spectra Enhanced, Pelco Sarix Enhanced 1st generation and Spectra Enhanced PTZ`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:d6220_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:d6220:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:schneider-electric:d6220l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:d6220l:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:schneider-electric:d6230_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:d6230:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:schneider-electric:d6230l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:d6230l:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:schneider-electric:imes19-1i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:imes19-1i:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:schneider-electric:imes19-1s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:imes19-1s:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:schneider-electric:imes19-1p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:imes19-1p:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:schneider-electric:ime119-1i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime119-1i:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:schneider-electric:ime119-1s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime119-1s:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:schneider-electric:ime119-1p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime119-1p:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:schneider-electric:ime219-1i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime219-1i:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:schneider-electric:ime219-1s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime219-1s:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:schneider-electric:ime219-1p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime219-1p:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:schneider-electric:ime319-1i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime319-1i:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:schneider-electric:ime319-1s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime319-1s:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:schneider-electric:ime319-1p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime319-1p:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:schneider-electric:ime319-b1i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime319-b1i:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:schneider-electric:ime319-b1s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime319-b1s:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:schneider-electric:ime319-b1p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime319-b1p:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:schneider-electric:ime3122-1i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime3122-1i:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:schneider-electric:ime3122-b1i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime3122-b1i:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:schneider-electric:ime3122-1s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime3122-1s:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:schneider-electric:ime3122-b1s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime3122-b1s:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:schneider-electric:ime3122-1p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime3122-1p:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:schneider-electric:ime3122-b1p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime3122-b1p:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:schneider-electric:imes19-1ei_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:imes19-1ei:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:schneider-electric:imes19-1es_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:imes19-1es:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:schneider-electric:imes19-1ep_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:imes19-1ep:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:schneider-electric:ime119-1ei_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime119-1ei:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:schneider-electric:ime119-1es_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime119-1es:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:schneider-electric:ime119-1ep_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime119-1ep:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:schneider-electric:ime219-1ei_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime219-1ei:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:schneider-electric:ime219-1es_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime219-1es:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:schneider-electric:ime219-1ep_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime219-1ep:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:schneider-electric:ime319-1ei_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime319-1ei:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:schneider-electric:ime319-1es_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime319-1es:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:schneider-electric:ime319-1ep_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime319-1ep:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:schneider-electric:ime3122-1ei_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime3122-1ei:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:schneider-electric:ime3122-1es_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime3122-1es:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:o:schneider-electric:ime3122-1ep_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime3122-1ep:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND

cpe:2.3:o:schneider-electric:imes19-1vi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:imes19-1vi:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND

cpe:2.3:o:schneider-electric:imes19-1vs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:imes19-1vs:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND

cpe:2.3:o:schneider-electric:imes19-1vp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:imes19-1vp:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND

cpe:2.3:o:schneider-electric:ime119-1vi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime119-1vi:-:*:*:*:*:*:*:*

Configuration 45 [-]

AND

cpe:2.3:o:schneider-electric:ime119-1vs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime119-1vs:-:*:*:*:*:*:*:*

Configuration 46 [-]

AND

cpe:2.3:o:schneider-electric:ime119-1vp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime119-1vp:-:*:*:*:*:*:*:*

Configuration 47 [-]

AND

cpe:2.3:o:schneider-electric:ime219-1vi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime219-1vi:-:*:*:*:*:*:*:*

Configuration 48 [-]

AND

cpe:2.3:o:schneider-electric:ime219-1vs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime219-1vs:-:*:*:*:*:*:*:*

Configuration 49 [-]

AND

cpe:2.3:o:schneider-electric:ime219-1vp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime219-1vp:-:*:*:*:*:*:*:*

Configuration 50 [-]

AND

cpe:2.3:o:schneider-electric:ime319-1vi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime319-1vi:-:*:*:*:*:*:*:*

Configuration 51 [-]

AND

cpe:2.3:o:schneider-electric:ime319-1vs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime319-1vs:-:*:*:*:*:*:*:*

Configuration 52 [-]

AND

cpe:2.3:o:schneider-electric:ime319-1vp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime319-1vp:-:*:*:*:*:*:*:*

Configuration 53 [-]

AND

cpe:2.3:o:schneider-electric:ime3122-1vi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime3122-1vi:-:*:*:*:*:*:*:*

Configuration 54 [-]

AND

cpe:2.3:o:schneider-electric:ime3122-1vs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime3122-1vs:-:*:*:*:*:*:*:*

Configuration 55 [-]

AND

cpe:2.3:o:schneider-electric:ime3122-1vp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ime3122-1vp:-:*:*:*:*:*:*:*

Configuration 56 [-]

AND

cpe:2.3:o:schneider-electric:ixes1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ixes1:-:*:*:*:*:*:*:*

Configuration 57 [-]

AND

cpe:2.3:o:schneider-electric:ixe11_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ixe11:-:*:*:*:*:*:*:*

Configuration 58 [-]

AND

cpe:2.3:o:schneider-electric:ixe21_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ixe21:-:*:*:*:*:*:*:*

Configuration 59 [-]

AND

cpe:2.3:o:schneider-electric:ixe31_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:ixe31:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Schneider-electric Subscribe	D6220 Subscribe D6220 Firmware Subscribe D6220l Subscribe D6220l Firmware Subscribe D6230 Subscribe D6230 Firmware Subscribe D6230l Subscribe D6230l Firmware Subscribe Ime119-1ei Subscribe Ime119-1ei Firmware Subscribe Ime119-1ep Subscribe Ime119-1ep Firmware Subscribe Ime119-1es Subscribe Ime119-1es Firmware Subscribe Ime119-1i Subscribe Ime119-1i Firmware Subscribe Ime119-1p Subscribe Ime119-1p Firmware Subscribe Ime119-1s Subscribe Ime119-1s Firmware Subscribe Ime119-1vi Subscribe Ime119-1vi Firmware Subscribe Ime119-1vp Subscribe Ime119-1vp Firmware Subscribe Ime119-1vs Subscribe Ime119-1vs Firmware Subscribe Ime219-1ei Subscribe Ime219-1ei Firmware Subscribe Ime219-1ep Subscribe Ime219-1ep Firmware Subscribe Ime219-1es Subscribe Ime219-1es Firmware Subscribe Ime219-1i Subscribe Ime219-1i Firmware Subscribe Ime219-1p Subscribe Ime219-1p Firmware Subscribe Ime219-1s Subscribe Ime219-1s Firmware Subscribe Ime219-1vi Subscribe Ime219-1vi Firmware Subscribe Ime219-1vp Subscribe Ime219-1vp Firmware Subscribe Ime219-1vs Subscribe Ime219-1vs Firmware Subscribe Ime3122-1ei Subscribe Ime3122-1ei Firmware Subscribe Ime3122-1ep Subscribe Ime3122-1ep Firmware Subscribe Ime3122-1es Subscribe Ime3122-1es Firmware Subscribe Ime3122-1i Subscribe Ime3122-1i Firmware Subscribe Ime3122-1p Subscribe Ime3122-1p Firmware Subscribe Ime3122-1s Subscribe Ime3122-1s Firmware Subscribe Ime3122-1vi Subscribe Ime3122-1vi Firmware Subscribe Ime3122-1vp Subscribe Ime3122-1vp Firmware Subscribe Ime3122-1vs Subscribe Ime3122-1vs Firmware Subscribe Ime3122-b1i Subscribe Ime3122-b1i Firmware Subscribe Ime3122-b1p Subscribe Ime3122-b1p Firmware Subscribe Ime3122-b1s Subscribe Ime3122-b1s Firmware Subscribe Ime319-1ei Subscribe Ime319-1ei Firmware Subscribe Ime319-1ep Subscribe Ime319-1ep Firmware Subscribe Ime319-1es Subscribe Ime319-1es Firmware Subscribe Ime319-1i Subscribe Ime319-1i Firmware Subscribe Ime319-1p Subscribe Ime319-1p Firmware Subscribe Ime319-1s Subscribe Ime319-1s Firmware Subscribe Ime319-1vi Subscribe Ime319-1vi Firmware Subscribe Ime319-1vp Subscribe Ime319-1vp Firmware Subscribe Ime319-1vs Subscribe Ime319-1vs Firmware Subscribe Ime319-b1i Subscribe Ime319-b1i Firmware Subscribe Ime319-b1p Subscribe Ime319-b1p Firmware Subscribe Ime319-b1s Subscribe Ime319-b1s Firmware Subscribe Imes19-1ei Subscribe Imes19-1ei Firmware Subscribe Imes19-1ep Subscribe Imes19-1ep Firmware Subscribe Imes19-1es Subscribe Imes19-1es Firmware Subscribe Imes19-1i Subscribe Imes19-1i Firmware Subscribe Imes19-1p Subscribe Imes19-1p Firmware Subscribe Imes19-1s Subscribe Imes19-1s Firmware Subscribe Imes19-1vi Subscribe Imes19-1vi Firmware Subscribe Imes19-1vp Subscribe Imes19-1vp Firmware Subscribe Imes19-1vs Subscribe Imes19-1vs Firmware Subscribe Ixe11 Subscribe Ixe11 Firmware Subscribe Ixe21 Subscribe Ixe21 Firmware Subscribe Ixe31 Subscribe Ixe31 Firmware Subscribe Ixes1 Subscribe Ixes1 Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2018-19540	A Cross-Site Request Forgery (CSRF) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera when an authenticated user clicks a specially crafted malicious link while logged into the camera.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.schneider-electric.com/en/download/document/SEVD-2019-045-03/

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: schneider

Published: 2019-05-22T19:34:25

Updated: 2024-08-05T06:37:59.496Z

Reserved: 2018-03-08T00:00:00

Link: CVE-2018-7828

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-05-22T20:29:01.307

Modified: 2024-11-21T04:12:48.500

Link: CVE-2018-7828

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-352

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object