Pelco Sarix Professional
Approved changes feed: RSS · Atom
cpe:2.3:a:schneider_electric_se:pelco_sarix_professional:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Schneider Electric Se (25d1a66d-bfb8-5d1c-9a6c-4a2405fe5386) |
|---|---|
| Product | Pelco Sarix Professional (7749c7d4-924a-52b8-a542-64d9530d158d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2018-7238 |
vulnerable | 2026-06-03 14:39:06.590654 |
Details available
A buffer overflow vulnerability exist in the web-based GUI of Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to execute arbitrary code.
Published: 2018-03-09T23:00:00.000Z
Updated: 2024-09-16T16:38:30.111Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-7237 |
vulnerable | 2026-06-03 14:39:06.589272 |
Details available
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow a remote attacker to delete arbitrary system file due to lack of validation of the /login/bin/set_param to the file name with the value of 'system.delete.sd_file'
Published: 2018-03-09T23:00:00.000Z
Updated: 2024-09-16T23:00:39.249Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-7236 |
vulnerable | 2026-06-03 14:39:06.587948 |
Details available
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could enable SSH service due to lack of authentication for /login/bin/set_param could enable SSH service.
Published: 2018-03-09T23:00:00.000Z
Updated: 2024-09-16T20:22:19.073Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-7235 |
vulnerable | 2026-06-03 14:39:06.586588 |
Details available
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sd_file'
Published: 2018-03-09T23:00:00.000Z
Updated: 2024-09-17T03:44:15.375Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-7234 |
vulnerable | 2026-06-03 14:39:06.585290 |
Details available
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of SSL certificate.
Published: 2018-03-09T23:00:00.000Z
Updated: 2024-09-16T16:23:49.001Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-7233 |
vulnerable | 2026-06-03 14:39:06.583922 |
Details available
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'model_name' or 'mac_address'.
Published: 2018-03-09T23:00:00.000Z
Updated: 2024-09-17T01:11:47.934Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-7232 |
vulnerable | 2026-06-03 14:39:06.582604 |
Details available
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'network.ieee8021x.delete_certs'.
Published: 2018-03-09T23:00:00.000Z
Updated: 2024-09-17T00:00:59.566Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-7231 |
vulnerable | 2026-06-03 14:39:06.580641 |
Details available
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'system.opkg.remove'.
Published: 2018-03-09T23:00:00.000Z
Updated: 2024-09-16T19:21:08.252Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-7230 |
vulnerable | 2026-06-03 14:39:06.579336 |
Details available
A XML external entity (XXE) vulnerability exists in the import.cgi of the web interface component of the Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67.
Published: 2018-03-09T23:00:00.000Z
Updated: 2024-09-17T03:07:08.626Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-7229 |
vulnerable | 2026-06-03 14:39:06.577991 |
Details available
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges because the use of hardcoded credentials.
Published: 2018-03-09T23:00:00.000Z
Updated: 2024-09-16T19:15:37.311Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-7228 |
vulnerable | 2026-06-03 14:39:06.576574 |
Details available
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and get the administrator privileges.
Published: 2018-03-09T23:00:00.000Z
Updated: 2024-09-16T23:50:44.086Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-7227 |
vulnerable | 2026-06-03 14:39:06.545867 |
Details available
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow retrieving of specially crafted URLs without authentication that can reveal sensitive information to an attacker.
Published: 2018-03-09T23:00:00.000Z
Updated: 2024-09-16T20:07:30.640Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.