CVE-2016-2275
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript code.
La interfaz web en dispositivos Advantech/B+B SmartWorx VESP211-EU con firmware 1.7.2 y dispositivos VESP211-232 con firmware 1.5.1 y 1.7.2 confía en el cliente para implementar el control de acceso, lo que permite a atacantes remotos llevar a cabo acciones administrativas a través de código JavaScript modificado.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-02-09 CVE Reserved
- 2016-02-21 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-16-049-01 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Advantech Search vendor "Advantech" | Vesp211-eu Firmware Search vendor "Advantech" for product "Vesp211-eu Firmware" | 1.7.2 Search vendor "Advantech" for product "Vesp211-eu Firmware" and version "1.7.2" | - |
Affected
| in | Advantech Search vendor "Advantech" | Vesp211-eu Search vendor "Advantech" for product "Vesp211-eu" | - | - |
Safe
|
| Advantech Search vendor "Advantech" | Vesp211-232 Firmware Search vendor "Advantech" for product "Vesp211-232 Firmware" | 1.5.1 Search vendor "Advantech" for product "Vesp211-232 Firmware" and version "1.5.1" | - |
Affected
| in | Advantech Search vendor "Advantech" | Vesp211-232 Search vendor "Advantech" for product "Vesp211-232" | - | - |
Safe
|
| Advantech Search vendor "Advantech" | Vesp211-232 Firmware Search vendor "Advantech" for product "Vesp211-232 Firmware" | 1.7.2 Search vendor "Advantech" for product "Vesp211-232 Firmware" and version "1.7.2" | - |
Affected
| in | Advantech Search vendor "Advantech" | Vesp211-232 Search vendor "Advantech" for product "Vesp211-232" | - | - |
Safe
|