Environmental Systems Corporation(ESC)8832数据控制器权限绕过及XSS漏洞

No description provided by source...

CVE-2016-4502

Environmental Systems Corporation ESC 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter...

CVE-2016-4501

Environmental Systems Corporation ESC 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors...

CVE-2016-4501

Environmental Systems Corporation ESC 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors...

Design/Logic Flaw

Environmental Systems Corporation ESC 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter...

Authentication flaw

Environmental Systems Corporation ESC 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors...

CVE-2016-4501

CVE-2016-4501 affects ESC 8832 Data Controller (v3.02 and earlier). Root cause: improper session handling enables authentication bypass, allowing remote attackers to perform arbitrary configuration changes. Public exploitation is evidenced by a Metasploit module; advisories (ICS-CERT ICSA-16-147-...

CVE-2016-4502

The CVE-2016-4502 entry affects Environmental Systems Corporation (ESC) 8832 Data Controller versions 3.02 and earlier. The vulnerability allows remote attackers to bypass authentication and perform unauthorized administrative operations by abusing a modified parameter, enabling privilege escalat...

CVE-2016-4501

Environmental Systems Corporation ESC 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors...

CVE-2016-4502

Environmental Systems Corporation ESC 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter...

Environmental Systems Corporation Data Controllers Vulnerabilities (Update B)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-16-147-01A Environmental Systems Corporation Data Controllers Vulnerabilities that was published June 2, 2016, on the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified data controller...

ESC 8832 Data Controller - Multiple Vulnerabilities

=begin Exploit Title: ESC 8832 Data Controller multiple vulnerabilities Date: 2014-05-29 Platform: SCADA / Web Application Exploit Author: Balazs Makany Vendor Homepage: www.envirosys.com Version: ESC 8832 Data Controller Hardware Tested on: ESC 8832 Data Controller Hardware CVE : N/A Yet POC for...