CVE-2016-5813 Information

Description

An issue was discovered in Visonic PowerLink2 all versions prior to October 2016 firmware release. When a specific URL to an image is accessed the downloaded image carries with it source code used in the web server (INFORMATION EXPOSURE).

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Reference

http://www.securityfocus.com/bid/94894 https://ics-cert.us-cert.gov/advisories/ICSA-16-348-01

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

5.3