PT-2017-10084 · Eaton · Eaton Epdus Eswaxx+1
Maxim Rupp · Published 2017-02-13 · Updated 2017-03-16 · CVE-2016-9357
| CVSS v3.1 | 5.3 Medium |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Eaton ePDUs EAMxxx versions prior to June 30, 2015
Eaton ePDUs EMAxxx versions prior to January 31, 2014
Eaton ePDUs EAMAxx versions prior to January 31, 2014
Eaton ePDUs EMAAxx versions prior to January 31, 2014
Eaton ePDUs ESWAxx versions prior to January 31, 2014
Description
A path traversal issue allows an unauthenticated attacker to access configuration files using a specially crafted URL.
Recommendations
For EAMxxx versions prior to June 30, 2015, consider restricting access to configuration files as a mitigation measure.
For EMAxxx versions prior to January 31, 2014, consider restricting access to configuration files as a mitigation measure.
For EAMAxx versions prior to January 31, 2014, consider restricting access to configuration files as a mitigation measure.
For EMAAxx versions prior to January 31, 2014, consider restricting access to configuration files as a mitigation measure.
For ESWAxx versions prior to January 31, 2014, consider restricting access to configuration files as a mitigation measure.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Path traversal
Affected Products
Eaton Epdus Eamaxx
Eaton Epdus Eswaxx