ID

VAR-201811-0564


CVE

CVE-2018-7807


TITLE

Data Center Expert Path traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-012799

DESCRIPTION

Data Center Expert, versions 7.5.0 and earlier, allows the upload of a zip file from its user interface to the server. An authenticated user could mistakenly upload a carefully crafted, malicious file via this feature, and that file could contain path traversal file names. As a result, files contained within the zip could be written to arbitrary locations on the server file system, outside of the intended directory. This leverages the commonly known ZipSlip vulnerability in Java code.

Data Center Expert contains a path traversal vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).

Schneider Electric StruxureWare Data Center Expert is a set of centralized data center infrastructure management software from Schneider Electric (France). The software collects and distributes critical alerts, surveillance videos, and critical information, and supports a unified view of the physical infrastructure environment from anywhere on the network. Schneider Electric StruxureWare Data Center Expert has a security vulnerability.

Trust: 2.34

sources: NVD: CVE-2018-7807 // JVNDB: JVNDB-2018-012799 // CNVD: CNVD-2019-45194 // IVD: 9b3ded0d-d6b9-422d-aaa4-f29109720cd5

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 9b3ded0d-d6b9-422d-aaa4-f29109720cd5 // CNVD: CNVD-2019-45194

AFFECTED PRODUCTS

vendor: schneider electric, model: struxureware data center expert, scope: lte, version: 7.5.0

Trust: 1.8

vendor: schneider, model: electric struxureware data center expert, scope: lte, version: <=7.5.0

Trust: 0.8

vendor: schneider electric, model: struxureware data center expert, scope: eq, version: 7.5.0

Trust: 0.6

sources: IVD: 9b3ded0d-d6b9-422d-aaa4-f29109720cd5 // CNVD: CNVD-2019-45194 // JVNDB: JVNDB-2018-012799 // CNNVD: CNNVD-201812-006 // NVD: CVE-2018-7807

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7807
value: HIGH

Trust: 1.0

NVD: CVE-2018-7807
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-45194
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201812-006
value: MEDIUM

Trust: 0.6

IVD: 9b3ded0d-d6b9-422d-aaa4-f29109720cd5
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2018-7807
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-45194
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 9b3ded0d-d6b9-422d-aaa4-f29109720cd5
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-7807
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 9b3ded0d-d6b9-422d-aaa4-f29109720cd5 // CNVD: CNVD-2019-45194 // JVNDB: JVNDB-2018-012799 // CNNVD: CNNVD-201812-006 // NVD: CVE-2018-7807

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2018-012799 // NVD: CVE-2018-7807

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-006

TYPE

Path traversal

Trust: 0.8

sources: IVD: 9b3ded0d-d6b9-422d-aaa4-f29109720cd5 // CNNVD: CNNVD-201812-006

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012799

PATCH

title: Security fixes in StruxureWare Data Center Expert v7.6.0, url: https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

Trust: 0.8

title: Patch for Schneider Electric StruxureWare Data Center Expert has an unknown vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/194047

Trust: 0.6

title: Schneider Electric StruxureWare Data Center Expert Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87342

Trust: 0.6

sources: CNVD: CNVD-2019-45194 // JVNDB: JVNDB-2018-012799 // CNNVD: CNNVD-201812-006

EXTERNAL IDS

db: NVD, id: CVE-2018-7807

Trust: 3.2

db: CNVD, id: CNVD-2019-45194

Trust: 0.8

db: CNNVD, id: CNNVD-201812-006

Trust: 0.8

db: JVNDB, id: JVNDB-2018-012799

Trust: 0.8

db: IVD, id: 9B3DED0D-D6B9-422D-AAA4-F29109720CD5

Trust: 0.2

sources: IVD: 9b3ded0d-d6b9-422d-aaa4-f29109720cd5 // CNVD: CNVD-2019-45194 // JVNDB: JVNDB-2018-012799 // CNNVD: CNNVD-201812-006 // NVD: CVE-2018-7807

REFERENCES

url: https://help.ecostruxureit.com/display/public/uadce725/security+fixes+in+struxureware+data+center+expert+v7.6.0

Trust: 2.2

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7807

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-7807

Trust: 0.8

sources: CNVD: CNVD-2019-45194 // JVNDB: JVNDB-2018-012799 // CNNVD: CNNVD-201812-006 // NVD: CVE-2018-7807

SOURCES

db: IVD, id: 9b3ded0d-d6b9-422d-aaa4-f29109720cd5
db: CNVD, id: CNVD-2019-45194
db: JVNDB, id: JVNDB-2018-012799
db: CNNVD, id: CNNVD-201812-006
db: NVD, id: CVE-2018-7807

LAST UPDATE DATE

2024-11-23T23:08:33.312000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-45194, date: 2019-12-13T00:00:00
db: JVNDB, id: JVNDB-2018-012799, date: 2019-02-07T00:00:00
db: CNNVD, id: CNNVD-201812-006, date: 2018-12-03T00:00:00
db: NVD, id: CVE-2018-7807, date: 2024-11-21T04:12:46.247

SOURCES RELEASE DATE

db: IVD, id: 9b3ded0d-d6b9-422d-aaa4-f29109720cd5, date: 2019-12-13T00:00:00
db: CNVD, id: CNVD-2019-45194, date: 2019-12-13T00:00:00
db: JVNDB, id: JVNDB-2018-012799, date: 2019-02-07T00:00:00
db: CNNVD, id: CNNVD-201812-006, date: 2018-12-03T00:00:00
db: NVD, id: CVE-2018-7807, date: 2018-11-30T19:29:00.390