URL Encoding Vulnerability in IniNet embeddedWebServer
CVE-2015-1002

Currently unrated

Key Information:

Vendor: Ininet Solutions
Status: Scada Web Server
Vendor: CVE Published:; 25 October 2015

🔔 Create Ininet Solutions Vulnerability Alert

What is CVE-2015-1002?

The IniNet embeddedWebServer (also referred to as eWebServer) prior to version 2.02 is susceptible to an improper input validation vulnerability, where incorrect handling of URL encoding can be exploited by remote attackers. This oversight allows for unauthorized file operations, including the ability to write to or delete files on the vulnerable system through the injection of specially crafted strings in HTTP requests.

References

https://ics-cert.us-cert.gov/advisories/ICSA-15-293-02

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 25, 2015
Vulnerability Reserved
Jan 10, 2015