Critical severity9.8NVD Advisory· Published Apr 18, 2018· Updated Jun 17, 2026
CVE-2018-7246
CVE-2018-7246
Description
A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to discover an administrative account. If default on device, it is not using a SSL in settings and if multiple request of the page "Access Control" (IP-address device/ups/pas_cont.htm) account data will be sent in cleartext
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: MGE Network Management Card Transverse, part number: SF66074. All card versions affected, when installed in following products: MGE Galaxy 5000, MGE Galaxy 6000, MGE Galaxy 9000, MGE EPS 7000, MGE EPS 8000, MGE EPS 6000, MGE Comet UPS, MGE Galaxy PW, MGE Galaxy 3000, MGE Galaxy 4000
Patches
Vulnerability mechanics
References
1- www.schneider-electric.com/en/download/document/SEVD-2018-074-01/nvdMitigationVendor Advisory
News mentions
0No linked articles in our index yet.