CVE-2018-7246 in 66074 MGE Network Management Card

Summary

by MITRE

A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to discover an administrative account. If default on device, it is not using SSL in settings, and if multiple requests of the page "Access Control" (IP-address device/ups/pas_cont.htm) are made, account data will be sent in cleartext.


Analysis

by VulDB Data Team • 01/27/2020

The vulnerability identified as CVE-2018-7246 represents a critical cleartext transmission flaw in Schneider Electric's MGE Network Management Card Transverse devices, specifically affecting MGE UPS and MGE STS systems. This security weakness resides within the integrated web server component that operates on standard TCP ports 80 and 443, creating an attack surface that allows remote adversaries to exploit the device's configuration. The vulnerability manifests when default administrative credentials are in use and the device fails to implement proper SSL encryption for web communications, thereby exposing sensitive authentication data to potential interception.

The technical exploitation of this vulnerability occurs through the device's web interface, specifically targeting the Access Control page accessible via the URL path /ups/pas_cont.htm on the device's IP address. When multiple requests are made to this particular page, the system transmits administrative account information in plaintext format rather than utilizing encrypted communication channels. This cleartext transmission exposes usernames and potentially passwords to man-in-the-middle attacks, network sniffing operations, and other passive reconnaissance techniques that could be employed by threat actors within the network perimeter.

From an operational impact perspective, this vulnerability creates significant risk for organizations utilizing Schneider Electric's MGE series equipment, particularly in environments where network security controls may be insufficient or where attackers have network access. The exposure of administrative credentials through cleartext transmission directly enables unauthorized access to device management interfaces, potentially allowing attackers to modify system configurations, disable security features, or gain full administrative control over the affected UPS and STS systems. This risk is compounded by the fact that default credentials are often used in production environments, making the exploitation more likely and straightforward for threat actors.

The vulnerability aligns with CWE-319, which specifically addresses the exposure of sensitive information through cleartext transmission over networks, and relates to ATT&CK technique T1071.004 for application layer protocol usage. Organizations should immediately implement mitigations including mandatory SSL/TLS encryption enforcement for web interfaces, disabling cleartext protocols where possible, and implementing network segmentation to isolate critical power management equipment. Additionally, regular credential rotation, disabling default accounts, and implementing network monitoring solutions capable of detecting anomalous web traffic patterns are essential defensive measures that address the root cause of this vulnerability while providing additional layers of protection against similar threats.
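As an added example of the network monitoring mentioned above (not code from MITRE, VulDB or Schneider Electric), the following Python sketch scans HTTP request records for plain-HTTP access to the Access Control page and marks client/device pairs that show the repeated-request pattern. The log layout, the sample records, the function names and the `repeat_threshold` value are assumptions made for illustration.

```python
from collections import defaultdict

ACCESS_CONTROL_PATH = "/ups/pas_cont.htm"  # page named in the advisory
CLEARTEXT_PORT = 80                        # plain HTTP; 443 carries TLS

# Constructed sample records (not real traffic), one HTTP request per line:
# timestamp client_ip device_ip dst_port method uri
SAMPLE_LOG = """\
2020-01-27T10:00:01Z 10.0.5.21 10.0.9.40 80 GET /ups/pas_cont.htm
2020-01-27T10:00:02Z 10.0.5.21 10.0.9.40 80 GET /ups/pas_cont.htm
2020-01-27T10:00:03Z 10.0.5.21 10.0.9.40 80 GET /UPS/pas_cont.htm?x=1
2020-01-27T10:00:09Z 10.0.5.30 10.0.9.40 443 GET /ups/pas_cont.htm
2020-01-27T10:01:00Z 10.0.5.30 10.0.9.41 80 GET /index.htm
2020-01-27T10:02:00Z 10.0.5.44 10.0.9.41 80 GET /ups/pas_cont.htm
malformed line
"""

def parse(line):
    """Return (client, device, port, path), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 6 or not parts[3].isdigit():
        return None
    _ts, client, device, port, _method, uri = parts
    # Drop the query string and fold case so trivial variants still match
    # (a conservative matching choice, not documented device behaviour).
    return client, device, int(port), uri.split("?", 1)[0].lower()

def cleartext_hits(log_text, repeat_threshold=2):
    """Count plain-HTTP requests for the Access Control page per (client, device)."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        client, device, port, path = rec
        if port == CLEARTEXT_PORT and path == ACCESS_CONTROL_PATH:
            counts[(client, device)] += 1
    # "repeated" marks the multiple-request pattern the CVE summary describes.
    return {pair: {"count": n, "repeated": n >= repeat_threshold}
            for pair, n in counts.items()}

def exposed_devices(hits):
    """Devices that received cleartext requests for the page: HTTPS-only candidates."""
    return sorted({device for _client, device in hits})

if __name__ == "__main__":
    hits = cleartext_hits(SAMPLE_LOG)
    for (client, device), info in sorted(hits.items()):
        print(f"{client} -> {device}: {info['count']} cleartext, repeated={info['repeated']}")
    print("review TLS settings on:", ", ".join(exposed_devices(hits)))
```

The request to port 443 in the sample is not flagged, since only the plain-HTTP listener exposes the account data in transit.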

Reservation

02/19/2018

Disclosure

04/18/2018

Moderation

accepted

CPE

ready

EPSS

0.00151

KEV

no

Activities

very low

Sources
