Summary
The host is running PROMOTIC SCADA/HMI Webserver and is prone to a directory traversal vulnerability.
Impact
Successful exploitation will allow an attacker to obtain sensitive information that could aid in further attacks.
Impact Level: Application
Solution
Update to version 8.1.5 or later.
For updates, refer to http://www.promotic.eu/en/promotic/scada-pm.htm
Insight
The flaw is due to improper validation of URIs containing '..\..\' sequences, which allows attackers to read arbitrary files via directory traversal attacks.
Affected
PROMOTIC SCADA/HMI Server version 8.1.3. Other versions may also be affected.
Severity
Classification
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N