A XML external entity (XXE) vulnerability exists in the import.cgi of the web interface component of the Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67.
https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/