CVE-2016-5795

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2016-5795
An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network.

7.3 /10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://www.securityfocus.com/bid/100558 Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-150-01 Mitigation Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/100558 Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-150-01 Mitigation Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*
cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*
cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*
History

21 Nov 2024, 02:55

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/100558 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/100558 - Third Party Advisory, VDB Entry
References () https://ics-cert.us-cert.gov/advisories/ICSA-17-150-01 - Mitigation, Third Party Advisory, US Government Resource () https://ics-cert.us-cert.gov/advisories/ICSA-17-150-01 - Mitigation, Third Party Advisory, US Government Resource

27 Jul 2021, 19:25

Type Values Removed Values Added
CPE cpe:2.3:a:automatedlogic:webctrl:*:*:*:*:*:*:*:* cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*
Information

Published : 2017-08-31 21:29

Updated : 2025-04-20 01:37

NVD link : CVE-2016-5795

Mitre link : CVE-2016-5795

CVE.ORG link : CVE-2016-5795

JSON object : View

Products Affected

automatedlogic

  • i-vu
  • sitescan_web

carrier

  • automatedlogic_webctrl
CWE
CWE-611

Improper Restriction of XML External Entity Reference