Vulners
Lucene search
Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU Improper Restriction of XML External Entity Reference (CVE-2016-5795)
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | Automated Logic Corporation Multiple Device XML External Entity Vulnerability | 1 Sep 201700:00 | – | cnvd |
 | CVE-2016-5795 | 31 Aug 201721:00 | – | cve |
 | CVE-2016-5795 | 31 Aug 201721:00 | – | cvelist |
 | EUVD-2016-6730 | 7 Oct 202500:30 | – | euvd |
 | Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU | 30 May 201700:00 | – | ics |
 | CVE-2016-5795 | 31 Aug 201721:29 | – | nvd |
 | CVE-2016-5795 | 31 Aug 201721:29 | – | osv |
 | Design/Logic Flaw | 31 Aug 201721:29 | – | prion |
 | Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU Improper Restriction of XML External Entity Reference (CVE-2016-5795) | 6 Apr 202300:00 | – | nessus |
| Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU Improper Restriction of XML External Entity Reference (CVE-2016-5795) | 6 Apr 202300:00 | – | nessus |
10
| Source | Link |
|---|---|
| ics-cert | www.ics-cert.us-cert.gov/advisories/ICSA-17-150-01 |
| securityfocus | www.securityfocus.com/bid/100558 |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(500962);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/04");
script_cve_id("CVE-2016-5795");
script_xref(name:"ICSA", value:"17-150-01");
script_name(english:"Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU Improper Restriction of XML External Entity Reference (CVE-2016-5795)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"An XXE issue was discovered in Automated Logic Corporation (ALC)
Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5
and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could
enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a
weakly configured XML parser causing the application to execute
arbitrary code or disclose file contents from a server or connected
network.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://ics-cert.us-cert.gov/advisories/ICSA-17-150-01");
script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/100558");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
ALC applications should always be installed and maintained in accordance with the guidelines found here:
http://www.automatedlogic.com/Pages/Security.aspx.
In addition, ALC has released the following patches:
- WebCTRL 6.0, Cumulative Patch #11;
- WebCTRL 6.1, Cumulative Patch #4; and
- WebCTRL 6.5, Cumulative Patch #5.
These patch releases may be obtained on the Automated Logic accounts web site or calling Technical Support at
770-429-3002:
- i-Vu 6.0, Cumulative Patch #11; and
- i-Vu 6.5, Cumulative Patch #5.
These patch releases may be obtained by calling Technical Support at 800-277-9852:");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5795");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_cwe_id(611);
script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/31");
script_set_attribute(attribute:"patch_publication_date", value:"2017/08/31");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/06");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:automatedlogic:sitescan_web");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Vertiv");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Vertiv');
var asset = tenable_ot::assets::get(vendor:'Vertiv');
var vuln_cpes = {
"cpe:/a:automatedlogic:sitescan_web" :
{"versionEndIncluding" : "6.5", "family" : "LiebertSiteScan"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Sep 2024 00:00Current
7.5High risk
Vulners AI Score7.5
CVSS 37.3
CVSS 27.5
EPSS0.02239