Schneider Electric Pelco Digital Sentry

Schneider Electric Pelco Digital Sentry Video Management System Vulnerability

CVE-2016-4520

DSSRV IP Video

A hard-coded credential vulnerability in Schneider Electric’s Pelco Digital Sentry Video Management System. Schneider Electric has produced a new firmware version to mitigate this vulnerability.

AFFECTED PRODUCTS

  • Pelco Digital Sentry Video Management System, versions prior to Version 7.13

IMPACT

Successful exploitation of this vulnerability may allow an attacker to gain access to execute code on the affected system.

VULNERABILITY

The affected product, Pelco Digital Sentry Video Management System, is a video recording system. According to Schneider Electric, Pelco Digital Sentry Video Management System is deployed across several sectors including Commercial Facilities. Schneider Electric estimates that these products are used worldwide.

VULNERABILITY

The affected system contains hard-coded credentials that may allow an attacker to gain access to confidential information or execute code on the affected system.

EXPLOITABILITY

This vulnerability could be exploited remotely.

MITIGATION

Schneider Electric has produced new firmware, Version 7.14, for the Pelco Digital Sentry Video Management System.