Vulnerability CVE-2016-4525
Published: 2016-06-24   Modified: 2016-06-25

Description:
Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.3/10
4.9/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None
Affected software
Advantech -> Webaccess 

 References:
https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01
Copyright 2024, cxsecurity.com

 

Back to Top