CVE-2016-9353

7.8HIGH

Key Information:

Vendor: Advantech
Status: Advantech Susiaccess Server 3.0 And Prior
Vendor: CVE Published:; 13 February 2017

Summary

An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse the admin account password for use.

Affected Version(s)

Advantech SUSIAccess Server 3.0 and prior Advantech SUSIAccess Server 3.0 and prior

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-336-04

x_refsource_MISC

http://www.securityfocus.com/bid/94631

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2017
Vulnerability Reserved
Nov 16, 2016