NSFOCUS researchers found multiple vulnerabilities in Schneider Pelco Sarix Professional cameras.
The vulnerabilities are:
CVE# | Vulnerability | Severity |
CVE-2018-7227 | Information Disclosure | Medium |
CVE-2018-7228 | Admin Privilege Authentication Bypass | High |
CVE-2018-7229 | Admin Privilege Authentication Bypass | High |
CVE-2018-7230 | XML External Entity Vulnerability | High |
CVE-2018-7231 | Command Execution – ‘system.opkg.remove’ | Critical |
CVE-2018-7232 | Command Execution – ‘network.ieee8021x.delete_certs’ | Critical |
CVE-2018-7233 | Command Execution – ‘model_name’ or ‘mac_address’ | Critical |
CVE-2018-7234 | Arbitrary File Download – ssldownload.cgi | High |
CVE-2018-7235 | Command Execution – ‘system.download.sd_file’ | High |
CVE-2018-7236 | Remotely-opened SSL service in set_param / Authentication Bypass | High |
CVE-2018-7237 | Arbitrary File Delete – system.delete.sd_file | Critical |
CVE-2018-7238 | Web-based GUI Buffer Overflow | High |
Affected versions
Pelco Sarix Professional Firmware < 3.29.67
Unaffected version
Pelco Sarix Professional firmware 3.29.67
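An added example, not from NSFOCUS or Schneider Electric: a fleet inventory check against the fixed firmware version stated above. The CSV layout, host names and firmware strings are constructed assumptions; versions are compared numerically because a plain string comparison would rank 3.9.x above 3.29.67.

```python
import csv
import io

FIXED = (3, 29, 67)  # first unaffected firmware version, taken from the advisory


def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if it is not purely numeric."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    nums = tuple(int(p) for p in parts)
    # Pad short versions ("3.29" -> (3, 29, 0)) so tuples compare component by component.
    return nums + (0,) * (len(FIXED) - len(nums))


def classify(firmware):
    """'affected' if below the fixed release, 'fixed' otherwise, 'unknown' if unparsable."""
    version = parse_version(firmware)
    if version is None:
        return "unknown"  # never assume an unreadable version is patched
    return "affected" if version < FIXED else "fixed"


def triage(inventory_csv):
    """Group the hosts of an inventory (columns: host, firmware) by status."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        result[classify(row["firmware"])].append(row["host"])
    return result


# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE = """host,firmware
cam-lobby,3.29.67
cam-dock,3.9.12
cam-gate,3.29.7
cam-roof,3.30.1
cam-lab,
"""

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:9} {', '.join(hosts) or '-'}")
```

Hosts reported as unknown need a manual firmware check before they are treated as patched.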
Recommended Solutions
Schneider Electric has released version 3.29.67 to fix these vulnerabilities. Users of affected versions are advised to download the new version and update immediately.
The new version can be downloaded at:
https://www.pelco.com/search#keyword/v3.29.67/tab/documents
In addition, NSFOCUS’s ICSScan (Scanner for Industrial Control Systems) can scan for and detect all of the vulnerabilities mentioned above. ICSScan users should visit the following link and keep ICSScan updated.
http://update.nsfocus.com/update/listICSScan
The vulnerabilities detected this time have a tremendous impact on this series of Schneider products and could potentially enable hackers to take control of a camera and steal information from whatever it is monitoring. Schneider viewed these vulnerabilities as either high or critical severity and issued an immediate firmware update after receiving our report. The CVE numbers were also assigned immediately to make sure that people are notified without any delay.