exploitDog

CVE-2016-8357

Опубликовано: 13 фев. 2017

Источник: nvd

CVSS3: 7.1

CVSS2: 5.5

EPSS Низкий

Описание

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept those commands. This would allow an attacker with read-only access to make changes within the application.

Ссылки

http://www.securityfocus.com/bid/94344
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01
Mitigation
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/94344
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01
Mitigation
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lynxspring:jenesys_bas_bridge:*:*:*:*:*:*:*:*

Версия до 1.1.8 (включая)

EPSS

Процентиль: 42%

0.00202

Низкий

7.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-xfvx-52p9-958m

CVSS3: 7.1

github

больше 3 лет назад

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept those commands. This would allow an attacker with read-only access to make changes within the application.

EPSS

Процентиль: 42%

0.00202

Низкий

7.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-264