BDU:2019-00899

Published: 14 Feb 2019
Source: fstec
CVSS3: 8.8
CVSS2: 9
EPSS: Low

Description

A vulnerability in the firmware of Pelco Sarix Enhanced and Spectra Enhanced series cameras is caused by insufficient neutralization of special elements in a request. Exploitation of the vulnerability may allow an attacker to execute arbitrary system commands.

Vendor

Schneider Electric

Software name

Indoor Cameras IME3122-1P
Indoor Cameras IME3122-B1S
Indoor Cameras IME119-1I
Indoor Cameras IME119-1P
Indoor Cameras IME119-1S
Indoor Cameras IME219-1I
Indoor Cameras IME219-1P
Indoor Cameras IME219-1S
Indoor Cameras IME3122-1I
Indoor Cameras IME3122-1S
Indoor Cameras IME3122-B1I
Indoor Cameras IME3122-B1P
Indoor Cameras IME319-1I
Indoor Cameras IME319-1P
Indoor Cameras IME319-1S
Indoor Cameras IME319-B1I
Indoor Cameras IME319-B1P
Indoor Cameras IME319-B1S
Indoor Cameras IMES19-1I
Indoor Cameras IMES19-1P
Indoor Cameras IMES19-1S
Environmental Cameras Mini Domes IME119-1EI
Environmental Cameras Mini Domes IME119-1EP
Environmental Cameras Mini Domes IME119-1ES
Environmental Cameras Mini Domes IME219-1EI
Environmental Cameras Mini Domes IME219-1EP
Environmental Cameras Mini Domes IME219-1ES
Environmental Cameras Mini Domes IME3122-1EI
Environmental Cameras Mini Domes IME3122-1EP
Environmental Cameras Mini Domes IME3122-1ES
Environmental Cameras Mini Domes IME319-1EI
Environmental Cameras Mini Domes IME319-1EP
Environmental Cameras Mini Domes IME319-1ES
Environmental Cameras Mini Domes IMES19-1EI
Environmental Cameras Mini Domes IMES19-1EP
Environmental Cameras Mini Domes IMES19-1ES
Vandal Resistant Mini Domes IME119-1VI
Vandal Resistant Mini Domes IME119-1VP
Vandal Resistant Mini Domes IME119-1VS
Vandal Resistant Mini Domes IME219-1VI
Vandal Resistant Mini Domes IME219-1VP
Vandal Resistant Mini Domes IME219-1VS
Vandal Resistant Mini Domes IME3122-1VI
Vandal Resistant Mini Domes IME3122-1VP
Vandal Resistant Mini Domes IME3122-1VS
Vandal Resistant Mini Domes IME319-1VI
Vandal Resistant Mini Domes IME319-1VP
Vandal Resistant Mini Domes IME319-1VS
Vandal Resistant Mini Domes IMES19-1VI
Vandal Resistant Mini Domes IMES19-1VP
Vandal Resistant Mini Domes IMES19-1VS
Box Cameras IXE11
Box Cameras IXE21
Box Cameras IXE31
Box Cameras IXES1
Spectra Enhanced PTZ D6220
Spectra Enhanced PTZ D6220L
Spectra Enhanced PTZ D6230
Spectra Enhanced PTZ D6230L

Software version

up to 2.2.3.0 (Indoor Cameras IME3122-1P)
up to 2.2.3.0 (Indoor Cameras IME3122-B1S)
up to 2.2.3.0 (Indoor Cameras IME119-1I)
up to 2.2.3.0 (Indoor Cameras IME119-1P)
up to 2.2.3.0 (Indoor Cameras IME119-1S)
up to 2.2.3.0 (Indoor Cameras IME219-1I)
up to 2.2.3.0 (Indoor Cameras IME219-1P)
up to 2.2.3.0 (Indoor Cameras IME219-1S)
up to 2.2.3.0 (Indoor Cameras IME3122-1I)
up to 2.2.3.0 (Indoor Cameras IME3122-1S)
up to 2.2.3.0 (Indoor Cameras IME3122-B1I)
up to 2.2.3.0 (Indoor Cameras IME3122-B1P)
up to 2.2.3.0 (Indoor Cameras IME319-1I)
up to 2.2.3.0 (Indoor Cameras IME319-1P)
up to 2.2.3.0 (Indoor Cameras IME319-1S)
up to 2.2.3.0 (Indoor Cameras IME319-B1I)
up to 2.2.3.0 (Indoor Cameras IME319-B1P)
up to 2.2.3.0 (Indoor Cameras IME319-B1S)
up to 2.2.3.0 (Indoor Cameras IMES19-1I)
up to 2.2.3.0 (Indoor Cameras IMES19-1P)
up to 2.2.3.0 (Indoor Cameras IMES19-1S)
up to 2.2.3.0 (Environmental Cameras Mini Domes IME119-1EI)
up to 2.2.3.0 (Environmental Cameras Mini Domes IME119-1EP)
up to 2.2.3.0 (Environmental Cameras Mini Domes IME119-1ES)
up to 2.2.3.0 (Environmental Cameras Mini Domes IME219-1EI)
up to 2.2.3.0 (Environmental Cameras Mini Domes IME219-1EP)
up to 2.2.3.0 (Environmental Cameras Mini Domes IME219-1ES)
up to 2.2.3.0 (Environmental Cameras Mini Domes IME3122-1EI)
up to 2.2.3.0 (Environmental Cameras Mini Domes IME3122-1EP)
up to 2.2.3.0 (Environmental Cameras Mini Domes IME3122-1ES)
up to 2.2.3.0 (Environmental Cameras Mini Domes IME319-1EI)
up to 2.2.3.0 (Environmental Cameras Mini Domes IME319-1EP)
up to 2.2.3.0 (Environmental Cameras Mini Domes IME319-1ES)
up to 2.2.3.0 (Environmental Cameras Mini Domes IMES19-1EI)
up to 2.2.3.0 (Environmental Cameras Mini Domes IMES19-1EP)
up to 2.2.3.0 (Environmental Cameras Mini Domes IMES19-1ES)
up to 2.2.3.0 (Vandal Resistant Mini Domes IME119-1VI)
up to 2.2.3.0 (Vandal Resistant Mini Domes IME119-1VP)
up to 2.2.3.0 (Vandal Resistant Mini Domes IME119-1VS)
up to 2.2.3.0 (Vandal Resistant Mini Domes IME219-1VI)
up to 2.2.3.0 (Vandal Resistant Mini Domes IME219-1VP)
up to 2.2.3.0 (Vandal Resistant Mini Domes IME219-1VS)
up to 2.2.3.0 (Vandal Resistant Mini Domes IME3122-1VI)
up to 2.2.3.0 (Vandal Resistant Mini Domes IME3122-1VP)
up to 2.2.3.0 (Vandal Resistant Mini Domes IME3122-1VS)
up to 2.2.3.0 (Vandal Resistant Mini Domes IME319-1VI)
up to 2.2.3.0 (Vandal Resistant Mini Domes IME319-1VP)
up to 2.2.3.0 (Vandal Resistant Mini Domes IME319-1VS)
up to 2.2.3.0 (Vandal Resistant Mini Domes IMES19-1VI)
up to 2.2.3.0 (Vandal Resistant Mini Domes IMES19-1VP)
up to 2.2.3.0 (Vandal Resistant Mini Domes IMES19-1VS)
up to 2.2.3.0 (Box Cameras IXE11)
up to 2.2.3.0 (Box Cameras IXE21)
up to 2.2.3.0 (Box Cameras IXE31)
up to 2.2.3.0 (Box Cameras IXES1)
up to 2.11 (Spectra Enhanced PTZ D6220)
up to 2.11 (Spectra Enhanced PTZ D6220L)
up to 2.11 (Spectra Enhanced PTZ D6230)
up to 2.11 (Spectra Enhanced PTZ D6230L)

Software type

Firmware

Operating systems and hardware platforms

-

Vulnerability severity level

High severity (CVSS 2.0 base score is 9)
High severity (CVSS 3.0 base score is 8.8)

Possible remediation measures

Software update:
For Environmental Cameras Mini Domes (IMES19-1EI, IMES19-1ES, IMES19-1EP, IME119-1EI, IME119-1ES, IME119-1EP, IME219-1EI, IME219-1ES, IME219-1EP, IME319-1EI, IME319-1ES, IME319-1EP, IME3122-1EI, IME3122-1ES, IME3122-1EP) and Vandal Resistant Mini Domes (IMES19-1VI, IMES19-1VS, IMES19-1VP, IME119-1VI, IME119-1VS, IME119-1VP, IME219-1VI, IME219-1VS, IME219-1VP, IME319-1VI, IME319-1VS, IME319-1VP, IME3122-1VI, IME3122-1VS, IME3122-1VP):
https://www.pelco.com/search#Asset%20Type!Firmware!11002,Cameras!Sarix%20IME%20Series%20Environmental!3016172,Cameras!Sarix%20IME%20Series%20Indoor%20Mini!3016169,Cameras!Sarix%20IME%20Vandal%20Mini!3016171/tab/documents
For Box Cameras (IXES1, IXE11, IXE21, IXE31):
https://www.pelco.com/search#Cameras!Sarix%20IXE!3016155/tab/documents
For Spectra Enhanced PTZ (D6220, D6220L, D6230, D6230L):
https://www.pelco.com/ptz-ip-cameras/spectra-enhanced-hd-ip-domecamera#downloads
Compensating measures for Indoor Cameras (IMES19-1I, IMES19-1S, IMES19-1P, IME119-1I, IME119-1S, IME119-1P, IME219-1I, IME219-1S, IME219-1P, IME319-1I, IME319-1S, IME319-1P, IME319-B1I, IME319-B1S, IME319-B1P, IME3122-1I, IME3122-B1I, IME3122-1S, IME3122-B1S, IME3122-1P, IME3122-B1P):
Place control and safety system networks behind firewalls and isolate them from the business network
Establish physical controls over access to ICS and safety controllers, peripheral equipment, or ICS and safety networks

Vulnerability status

Confirmed by the vendor

Exploit availability

Information is being verified

Remediation information

No remediation information is available

Identifiers in other vulnerability description systems

EPSS

Percentile: 66%
0.00523
Low

8.8 High

CVSS3

9 Critical

CVSS2

Related vulnerabilities

CVSS3: 8.8
nvd
more than 6 years ago

An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary system commands.

CVSS3: 8.8
github
more than 3 years ago

An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary system commands.
