Описание
A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 2.5.10 (включая)
cpe:2.3:a:certec_edv_gmbh:atvise_scada:*:*:*:*:*:*:*:*
EPSS
Процентиль: 78%
0.01153
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-644
CWE-74
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution.
EPSS
Процентиль: 78%
0.01153
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-644
CWE-74