CVE-2016-9357 Information

Description

An issue was discovered in certain legacy Eaton ePDUs – the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015; EMAxxx prior to January 31, 2014; EAMAxx prior to January 31, 2014; EMAAxx prior to January 31, 2014; and ESWAxx prior to January 31, 2014. An unauthenticated attacker may be able to access configuration files with a specially crafted URL (Path Traversal).

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Reference

http://www.securityfocus.com/bid/95817

https://ics-cert.us-cert.gov/advisories/ICSA-17-026-01

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score

5.3

Base Severity

MEDIUM
