PT-2017-9635 · Lynxspring · Lynxspring Jenesys Bas Bridge

Maxim Rupp · Published 2017-02-13 · Updated 2017-02-17 · CVE-2016-8357

CVSS v3.1: 7.1 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Lynxspring JENEsys BAS Bridge versions 1.1.8 and older

Description: A user with read-only access can send commands to the software, and the application will accept those commands, allowing an attacker to make changes within the application.

Recommendations: For versions 1.1.8 and older, restrict access to the software to prevent users with read-only access from sending commands. As a temporary workaround, consider disabling command execution for users with read-only access until a patch is available.

Fix


Weakness Enumeration

Related Identifiers

CVE-2016-8357

Affected Products

Lynxspring Jenesys Bas Bridge