Summary
The host is running PROMOTIC SCADA/HMI Webserver and is prone to a directory traversal vulnerability.
Impact
Successful exploitation will allow an attacker to obtain sensitive information that could aid in further attacks.
Impact Level: Application
Solution
Update to version 8.1.5 or later.
For updates refer to http://www.promotic.eu/en/promotic/scada-pm.htm
Insight
The flaw is due to improper validation of URIs containing '..\..\' sequences, which allows attackers to read arbitrary files via directory traversal attacks.
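One way a web server can validate request paths against the '..\..\' case described above. This is an added example, not PROMOTIC code; the document root, function names and sample URIs are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

WEB_ROOT = "/srv/hmi/www"  # assumed document root (hypothetical)

# Constructed sample request URIs, not taken from the advisory.
SAMPLE_URIS = [
    "/webdir/index.htm",
    "/webdir/..\\..\\secret.txt",
    "/webdir/../secret.txt",
]


def resolve_request_path(uri, web_root=WEB_ROOT):
    """Map a request URI to a path under web_root, or return None to reject."""
    # Decode first so the check sees the same characters the file layer will.
    path = unquote(urlsplit(uri).path)
    if "\x00" in path:
        return None
    # Windows accepts both separators, so treat '\' as '/' before splitting.
    # A filter that only looks for '../' misses the '..\..\' form.
    segments = [s for s in path.replace("\\", "/").split("/")
                if s not in ("", ".")]
    # Reject instead of collapsing: a legitimate page link never needs '..'.
    if ".." in segments:
        return None
    # Drive-letter syntax such as "C:" has no place in a URL path segment.
    if any(":" in s for s in segments):
        return None
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, *segments))
    # Final containment check as defence in depth.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


def check_samples():
    """Return {uri: resolved path or None} for the constructed samples."""
    return {uri: resolve_request_path(uri) for uri in SAMPLE_URIS}


if __name__ == "__main__":
    for uri, resolved in check_samples().items():
        print(f"{uri!r:35} -> {resolved or 'REJECTED'}")
```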
Affected
PROMOTIC SCADA/HMI Server version 8.1.3. Other versions may also be affected.
Severity
Classification
CVSS Base Score: 5.0
CVSS Base Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- GoAhead WebServer Script Source Code Disclosure
- Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
- IBM WebSphere Application Server Multiple Vulnerabilities
- AOLServer Terminal Escape Sequence in Logs Command Injection Vulnerability
- Ecava IntegraXor Account Information Disclosure Vulnerability