Improper input validation - CVE-2016-4525

 


Published: June 29, 2016 / Updated: November 22, 2018


Vulnerability identifier: #VU53
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-4525
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor:
Affected software:

Detailed vulnerability description

The vulnerability allows a local user to insert and run arbitrary code on an affected system.

This vulnerability is not exploitable remotely and cannot be exploited without user interaction.

Successful exploitation of this vulnerability may result in several ActiveX controls, which are intended for restricted use, being marked as safe-for-scripting.

How to mitigate CVE-2016-4525

Advantech has released a new version of WebAccess, Version 8.1_20160519, to address the reported vulnerabilities.
This new version is available on:
http://www.advantech.com/industrial-automation/webaccess

Sources