Schneider Electric released new firmware to mitigate path traversal and improper access control vulnerabilities in its Pelco VideoXpert Enterprise, according to a report from ICS-CERT.
All versions of Pelco VideoXpert Enterprise prior to 2.1 suffer from the remotely exploitable vulnerabilities, which were discovered by Gjoko Krstic.
Successful exploitation of these vulnerabilities may allow an authorized user to gain system privileges or an unauthorized user to view files.
No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could leverage the vulnerabilities.
By sniffing communications, an unauthorized person can execute a directory traversal attack resulting in authentication bypass or session hijack.
CVE-2017-9964 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.9.
In addition, using a directory traversal attack, an unauthorized person can view web server files.
CVE-2017-9965 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.8.
Also, by replacing certain files, an authorized user can obtain system privileges; the inserted code would then execute at an elevated privilege level.
CVE-2017-9966 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.1.
The product sees use mainly in the commercial facilities sector and is used on a global basis.
Paris, France-based Schneider Electric released firmware Version 2.1 for VideoXpert to address these vulnerabilities.
More information on the new firmware and the issues it was created to address can be found in Schneider Electric Security Notification SEVD-2017-339-01.