An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/100558 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-17-150-01 | Mitigation Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2017-08-31T21:00:00
Updated: 2017-09-01T09:57:01
Reserved: 2016-06-23T00:00:00
Link: CVE-2016-5795
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-08-31T21:29:00.187
Modified: 2021-07-27T19:25:34.713
Link: CVE-2016-5795
JSON object: View
Redhat Information
No data.
CWE