Remote Configuration File Disclosure in Eaton Lighting EG2 Web Control
CVE-2016-0871

7.5HIGH

Key Information:

Vendor
Eaton Lighting Systems
Status
Eg2 Web Control
Vendor
CVE Published:
6 April 2016

Summary

The Eaton Lighting EG2 Web Control, versions 4.04P and earlier, contains a vulnerability that allows remote attackers to access sensitive configuration files. By sending a direct request, these attackers can potentially expose critical credentials stored within, leading to unauthorized access and further exploitation of the system. It is imperative for users of the affected products to implement security measures and update their systems to mitigate the risks associated with this vulnerability.

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-061-03
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-0871 : Remote Configuration File Disclosure in Eaton Lighting EG2 Web Control | SecurityVulnerability.io