CVE-2017-6031 Information

Description

A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An \improper neutralization of HTTP headers for scripting syntax\ issue has been identified which may allow remote code execution.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/97479 https://ics-cert.us-cert.gov/advisories/ICSA-17-096-01A

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8