PT-2017-10084 · Eaton · Eaton Epdus Eswaxx+1

Maxim Rupp · Published 2017-02-13 · Updated 2017-03-16 · CVE-2016-9357

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Eaton ePDUs EAMxxx versions prior to June 30, 2015
Eaton ePDUs EMAxxx versions prior to January 31, 2014
Eaton ePDUs EAMAxx versions prior to January 31, 2014
Eaton ePDUs EMAAxx versions prior to January 31, 2014
Eaton ePDUs ESWAxx versions prior to January 31, 2014

Description

A path traversal issue allows an unauthenticated attacker to access configuration files using a specially crafted URL.

Recommendations

For EAMxxx versions prior to June 30, 2015, consider restricting access to configuration files as a mitigation measure.
For EMAxxx versions prior to January 31, 2014, consider restricting access to configuration files as a mitigation measure.
For EAMAxx versions prior to January 31, 2014, consider restricting access to configuration files as a mitigation measure.
For EMAAxx versions prior to January 31, 2014, consider restricting access to configuration files as a mitigation measure.
For ESWAxx versions prior to January 31, 2014, consider restricting access to configuration files as a mitigation measure.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Weakness Enumeration

Related identifiers

CVE-2016-9357

Affected products

Eaton Epdus Eamaxx
Eaton Epdus Eswaxx