← back
CVE-2018-7235

CVE-2018-7235

EPSS 1.6%
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sd_file'
Affected products
Schneider Electric SE · Pelco Sarix Professional

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/