A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/97479 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-17-096-01A | Third Party Advisory US Government Resource |
http://www.securityfocus.com/bid/97479 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-17-096-01A | Third Party Advisory US Government Resource |
Configurations
History
21 Nov 2024, 03:28
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/97479 - Third Party Advisory, VDB Entry | |
References | () https://ics-cert.us-cert.gov/advisories/ICSA-17-096-01A - Third Party Advisory, US Government Resource |
Information
Published : 2017-05-06 00:29
Updated : 2024-11-21 03:28
NVD link : CVE-2017-6031
Mitre link : CVE-2017-6031
CVE.ORG link : CVE-2017-6031
JSON object : View
Products Affected
certec_edv_gmbh
- atvise_scada