The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript code.
References
Link | Resource |
---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-16-049-01 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2016-02-21T02:00:00
Updated: 2016-02-21T04:57:01
Reserved: 2016-02-09T00:00:00
Link: CVE-2016-2275
JSON object: View
NVD Information
Status : Analyzed
Published: 2016-02-21T05:59:01.137
Modified: 2016-03-10T19:52:56.207
Link: CVE-2016-2275
JSON object: View
Redhat Information
No data.
CWE