Design/Logic Flaw

2016-06-0814:59:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.3%

JSON

Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access.

CPENameOperatorVersion
symantec_critical_system_protectioneq5.2.9
symantec_data_center_security_servereq6.5.0
symantec_data_center_security_servereq6.6.0
symantec_data_center_security_server_and_agentseq6.6.0
symantec_embedded_security_critical_system_protectioneq1.0
symantec_embedded_security_critical_system_protection_for_controllers_and_deviceseq6.5.0

Name	Operator	Version
symantec_critical_system_protection	eq	5.2.9
symantec_data_center_security_server	eq	6.5.0
symantec_data_center_security_server	eq	6.6.0
symantec_data_center_security_server_and_agents	eq	6.6.0
symantec_embedded_security_critical_system_protection	eq	1.0
symantec_embedded_security_critical_system_protection_for_controllers_and_devices	eq	6.5.0