PROMOTIC SCADA/HMI Webserver Directory Traversal Vulnerability Network Vulnerability

Summary

The host is running PROMOTIC SCADA/HMI Webserver and is prone to directory traversal vulnerability.

Impact

Successful exploitation will allow attacker to obtain sensitive information that could aid in further attacks. Impact Level: Application

Solution

Update to version 8.1.5 or later, For updates refer to http://www.promotic.eu/en/promotic/scada-pm.htm

Insight

The flaw is due to improper validation of URI containing '..\..\' sequences, which allows attackers to read arbitrary files via directory traversal attacks.

Affected

PROMOTIC SCADA/HMI Server Version 8.1.3, Other versions may also be affected.

References

http://aluigi.altervista.org/adv/promotic_1-adv.txt
http://osvdb.org/show/osvdb/76395
http://secunia.com/advisories/46430

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Aspen Sever Directory Traversal Vulnerability
Cherokee Terminal Escape Sequence in Logs Command Injection Vulnerability
Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
IBM WebSphere Application Server (WAS) Security Bypass Vulnerability - March 2011
IBM WebSphere Application Server JNDI information disclosure Vulnerability

Take action and discover your vulnerabilities