exploitDog

CVE-2016-9368

Опубликовано: 14 мар. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating.

Ссылки

https://ics-cert.us-cert.gov/advisories/ICSA-17-061-01
Mitigation
Third Party Advisory
US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-17-061-01
Mitigation
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eaton:xcomfort_ethernet_communication_interface:*:*:*:*:*:*:*:*

Версия до 1.07 (включая)

EPSS

Процентиль: 44%

0.00216

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-284

CWE-284

Связанные уязвимости

GHSA-c3qp-rmmf-2xjg

CVSS3: 7.5

github

больше 3 лет назад

An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating.

EPSS

Процентиль: 44%

0.00216

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-284

CWE-284