{ "CVE_data_meta" : { "ASSIGNER" : "cybersecurity@schneider-electric.com", "ID" : "CVE-2018-7246", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS", "version" : { "version_data" : [ { "version_value" : "MGE Network Management Card Transverse, part number: SF66074. All card versions affected, when installed in following products: MGE Galaxy 5000, MGE Galaxy 6000, MGE Galaxy 9000, MGE EPS 7000, MGE EPS 8000, MGE EPS 6000, MGE Comet UPS, MGE Galaxy PW, MGE Galaxy 3000, MGE Galaxy 4000" } ] } } ] }, "vendor_name" : "Schneider Electric SE" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to discover an administrative account. If default on device, it is not using a SSL in settings and if multiple request of the page \"Access Control\" (IP-address device/ups/pas_cont.htm) account data will be sent in cleartext" } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "Cleartext Transmission of Sensitive Information" } ] } ] }, "references" : { "reference_data" : [ { "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/", "refsource" : "CONFIRM", "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/" } ] } }