Main Vulnerability Database SB2016100501

SB2016100501 - Directory traversal in INDAS Web SCADA

Published: October 5, 2016

Security Bulletin ID SB2016100501

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Path traversal (CVE-ID: CVE-2016-8343)

The vulnerability alows a remote unauthenticated attacler to conduct directory traversal attacks.
The weakness exists due to improper filtration of user-supplied input. By sending specially crafted requests containing directory traversal characters (../) to the affected software, attackers can view arbitrary files on the target system.
Successful exploitation of the vulnerability will allows a malicious user to gain access to potentially sensitive information.

Remediation

Install update from vendor's website.

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-278-01