Remote File Access Vulnerability in Eaton xComfort Ethernet Communication Interface
CVE-2016-9368

7.5HIGH

Key Information:

Vendor
Eaton
Status
Eaton Xcomfort Ethernet Communication Interface
Vendor
CVE Published:
14 March 2017

Summary

A vulnerability in Eaton's xComfort Ethernet Communication Interface (ECI) allows an unauthorized user to access sensitive files by exploiting specific URLs on the web server. This risk applies to Versions 1.07 and earlier, where the lack of proper authentication mechanisms could lead to significant security breaches. It is crucial for users to upgrade to the latest version to ensure protection against this vulnerability.

Affected Version(s)

Eaton xComfort Ethernet Communication Interface Eaton xComfort Ethernet Communication Interface

References

https://ics-cert.us-cert.gov/advisories/ICSA-17-061-01
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-9368 : Remote File Access Vulnerability in Eaton xComfort Ethernet Communication Interface | SecurityVulnerability.io