NSFOCUS Found Multiple Vulnerabilities in Schneider Pelco Sarix Professional Cameras

March 6, 2018 | Adeline Zhang

NSFOCUS researchers found multiple vulnerabilities in Schneider Pelco Sarix Professional cameras.

These vulnerabilities include:

| CVE# | Vulnerability | Severity |
|---|---|---|
| CVE-2018-7227 | Information Disclosure | Medium |
| CVE-2018-7228 | Admin Privilege Authentication Bypass | High |
| CVE-2018-7229 | Admin Privilege Authentication Bypass | High |
| CVE-2018-7230 | XML External Entity Vulnerability | High |
| CVE-2018-7231 | Command Execution – ‘system.opkg.remove’ | Critical |
| CVE-2018-7232 | Command Execution – ‘network.ieee8021x.delete_certs’ | Critical |
| CVE-2018-7233 | Command Execution – ‘model_name’ or ‘mac_address’ | Critical |
| CVE-2018-7234 | Arbitrary File Download – ssldownload.cgi | High |
| CVE-2018-7235 | Command Execution – ‘system.download.sd_file’ | High |
| CVE-2018-7236 | Remotely-opened SSL service in set_param / Authentication Bypass | High |
| CVE-2018-7237 | Arbitrary File Delete – system.delete.sd_file | Critical |
| CVE-2018-7238 | Web-based GUI Buffer Overflow | High |

Affected versions

Pelco Sarix Professional Firmware < 3.29.67

Unaffected version

Pelco Sarix Professional firmware 3.29.67

Recommended Solutions

Schneider Electric has released version 3.29.67 to fix these vulnerabilities. Users of the affected versions are advised to download and update to the new version immediately.

The new version can be downloaded at:

https://www.pelco.com/search#keyword/v3.29.67/tab/documents

In addition, NSFOCUS’s ICSScan (Scanner for Industrial Control Systems) can scan for and detect all of the vulnerabilities mentioned above. Users of NSFOCUS ICSScan should visit the following link and keep ICSScan updated.

http://update.nsfocus.com/update/listICSScan

The vulnerabilities detected this time have a tremendous impact on this series of Schneider products and could potentially enable hackers to take control of a camera and steal information from whatever it is monitoring. Schneider viewed these vulnerabilities as either high or critical severity and issued an immediate firmware update after receiving our report. The CVE numbers were also assigned instantly to make sure that people are notified without any delay.