PT-2011-1681 · Serial Ethernet Server+4

Michael Orlando · Published 2011-02-14 · Updated 2011-02-15 · CVE-2010-4731

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

WebSCADA WS100 and WS200 versions (affected versions not specified)
Easy Connect EC150 versions (affected versions not specified)
Modbus RTU - TCP Gateway MB100 versions (affected versions not specified)
Serial Ethernet Server SS100 versions (affected versions not specified)
IntelliCom NetBiter NB100 and NB200 platforms versions (affected versions not specified)

Description

The issue allows remote authenticated administrators to read arbitrary files via a full pathname in the file parameter. This is a result of an absolute path traversal vulnerability in cgi-bin/read.cgi.

Recommendations

For WebSCADA WS100 and WS200, restrict access to the cgi-bin/read.cgi endpoint to minimize the risk of exploitation.
For Easy Connect EC150, avoid using the file parameter in the affected API endpoint until the issue is resolved.
For Modbus RTU - TCP Gateway MB100, consider disabling the read.cgi function until a patch is available.
For Serial Ethernet Server SS100, restrict access to the vulnerable cgi-bin module to minimize the risk of exploitation.
For IntelliCom NetBiter NB100 and NB200 platforms, as a temporary workaround, consider limiting the privileges of authenticated administrators to reduce the impact of the issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
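
While access to cgi-bin/read.cgi is being restricted as recommended above, web access logs can be checked for requests whose file parameter decodes to a full pathname. The Python script below is an added example, not part of the original advisory or any vendor code; it assumes Common/Combined Log Format, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: requests are logged in Common/Combined Log Format by the device
# or a reverse proxy in front of it. Endpoint and parameter come from the advisory.
REQUEST_RE = re.compile(r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
ENDPOINT, PARAM = "/cgi-bin/read.cgi", "file"

# Constructed sample entries (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '192.0.2.10 - admin [14/Feb/2011:10:00:01 +0000] "GET /cgi-bin/read.cgi?file=status.txt HTTP/1.1" 200 512',
    '198.51.100.7 - admin [14/Feb/2011:10:02:13 +0000] "GET /cgi-bin/read.cgi?file=/example/absolute/path HTTP/1.1" 200 2048',
    '198.51.100.7 - admin [14/Feb/2011:10:02:40 +0000] "GET /cgi-bin//read.cgi?file=%252Fexample%252Fencoded HTTP/1.1" 200 2048',
    '192.0.2.10 - - [14/Feb/2011:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 4096',
]


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (%252F -> %2F -> /), bounded to a few rounds."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_absolute_path_reads(log_lines):
    """Return (client, path) for read.cgi requests whose file parameter is a full pathname."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        path = re.sub(r"/+", "/", fully_decode(url.path))  # collapse duplicate slashes
        if path != ENDPOINT:
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            value = fully_decode(value)
            if value.startswith("/"):
                hits.append((m.group("client"), value))
    return hits


if __name__ == "__main__":
    for client, path in find_absolute_path_reads(SAMPLE_LOG):
        print(f"{client} requested full pathname {path!r} via {ENDPOINT}")
```

Only parameters carried in the logged request line are visible to this check; a file value sent in a request body does not appear in an access log.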

Exploit

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2010-4731

Affected Products

Easy Connect
IntelliCom NetBiter
Modbus RTU - TCP Gateway
Serial Ethernet Server
WebSCADA