Lucene search

[email protected]CVE-2016-0871

HistoryApr 06, 2016 - 11:59 p.m.

CVE-2016-0871

2016-04-0623:59:03

CWE-200

[email protected]

web.nvd.nist.gov

eaton lighting

eg2 web control

cve-2016-0871

remote attack

configuration file

credentials discovery

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.2%

JSON

Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to read the configuration file, and consequently discover credentials, via a direct request.

Affected configurations

NVD

Node

eaton_lighting_systemseg2_web_controlRange≤4.04p

CPENameOperatorVersion
eaton_lighting_systems:eg2_web_controleaton lighting systems eg2 web controlle4.04p

CPE	Name	Operator	Version
eaton_lighting_systems:eg2_web_control	eaton lighting systems eg2 web control	le	4.04p

References

ics-cert.us-cert.gov/advisories/ICSA-16-061-03

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.2%

JSON

Related for CVE-2016-0871

prion1 cvelist1 nvd1 ics1