
Schneider Electric Pelco VideoXpert Core Admin Portal Directory Traversal

High
Advisory ID: ZSL-2017-5419
Release Date: 10 July 2017
Vendor: Schneider Electric SE - https://www.pelco.com
Affected Version: 2.0.41, 1.14.7, 1.12.105
Tested On: Microsoft Windows 7 Professional SP1 (EN)
Summary

VideoXpert is a video management solution designed for scalability, fitting the needs of surveillance operations of any size. VideoXpert Ultimate can also aggregate other VideoXpert systems, tying multiple video management systems into a single interface.

Description

Pelco VideoXpert suffers from a directory traversal vulnerability. Exploiting this issue will allow an unauthenticated attacker to view arbitrary files within the context of the web server.

Proof of Concept
Disclosure Timeline
05.04.2017 - Vulnerabilities discovered.
28.04.2017 - Vendor contacted.
09.07.2017 - No response from the vendor.
10.07.2017 - Public security advisory released.
05.12.2017 - Vendor releases version 2.1 to address this issue.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
10.07.2017 - Initial release
01.08.2017 - Added reference [1], [2] and [3]
07.08.2017 - Added reference [4]
05.12.2017 - Added vendor status
13.12.2017 - Added reference [5], [6], [7] and [8]
13.01.2018 - Added reference [9], [10], [11], [12], [13], [14] and [15]