Remote Configuration File Disclosure in Eaton Lighting EG2 Web Control
CVE-2016-0871

7.5HIGH

Key Information:

Vendor: Eaton Lighting Systems
Status: Eg2 Web Control
Vendor: CVE Published:; 6 April 2016

🔔 Create Eaton Lighting Systems Vulnerability Alert

What is CVE-2016-0871?

The Eaton Lighting EG2 Web Control, versions 4.04P and earlier, contains a vulnerability that allows remote attackers to access sensitive configuration files. By sending a direct request, these attackers can potentially expose critical credentials stored within, leading to unauthorized access and further exploitation of the system. It is imperative for users of the affected products to implement security measures and update their systems to mitigate the risks associated with this vulnerability.

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-061-03

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 6, 2016
Vulnerability Reserved
Dec 17, 2015