Lucene search

[email protected]CVE-2016-4501

HistoryMay 31, 2016 - 1:59 a.m.

CVE-2016-4501

2016-05-3101:59:08

CWE-284

[email protected]

web.nvd.nist.gov

esc

8832 data controller

cve-2016-4501

remote authentication bypass

configuration change

nvd

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.5%

JSON

Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors.

Affected configurations

NVD

Node

envirosysesc_8832_data_controllerRange≤3.02

CPENameOperatorVersion
envirosys:esc_8832_data_controllerenvirosys esc 8832 data controllerle3.02

CPE	Name	Operator	Version
envirosys:esc_8832_data_controller	envirosys esc 8832 data controller	le	3.02

References

ics-cert.us-cert.gov/advisories/ICSA-16-147-01

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.5%

JSON

Related for CVE-2016-4501

prion1 cvelist1 nvd1 ics2 threatpost1