Schneider Mitigates Video System Issue

Thursday, July 14, 2016 @ 03:07 PM gHale


Schneider Electric created a firmware version to mitigate a hard-coded credential vulnerability in its Pelco Digital Sentry Video Management System, according to a report with ICS-CERT.

This vulnerability, which Schneider Electric discovered, is remotely exploitable.

RELATED STORIES
Moxa Clears MGate Vulnerability
Schneider Fixes SoMachine Vulnerability
Philips Fixes 648 Holes in Xper-IM Connect
Honeywell Updates Uniformance Fix

Pelco Digital Sentry Video Management System, versions prior to Version 7.13 suffer from the issue.

Successful exploitation of this vulnerability may allow an attacker to gain access to execute code on the affected system.

Schneider Electric is a France-based company that maintains offices in 190 countries worldwide.

The affected product, Pelco Digital Sentry Video Management System, is a video recording system.

Pelco Digital Sentry Video Management System sees action on a global basis across several sectors including commercial facilities.

The affected system contains hard-coded credentials that may allow an attacker to gain access to confidential information or execute code on the affected system.

CVE-2016-4520 is the case number assigned to this vulnerability, which Schneider Electric assigned a CVSS v3 base score of 8.6.

No known public exploits specifically target this vulnerability. However, an attacker with a low skill would be able to exploit this vulnerability.

Schneider Electric has produced new firmware, Version 7.14, for the Pelco Digital Sentry Video Management System, which addresses the identified vulnerability. Click here for the new firmware, Version 7.14.

Schneider Electric also released a security notification, SEVD-2016-153-01.