CVE-2017-9640

A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to overwrite files that are used to execute code. This vulnerability does not affect version 6.5 of the software.
References
Link Resource
http://www.securityfocus.com/bid/100452 Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01 Mitigation Third Party Advisory US Government Resource
https://www.exploit-db.com/exploits/42543/ Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/100452 Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01 Mitigation Third Party Advisory US Government Resource
https://www.exploit-db.com/exploits/42543/ Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*
cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*
cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*
cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*
cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*
cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*
cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*
cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*
cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*
cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:36

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/100452 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/100452 - Third Party Advisory, VDB Entry
References () https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01 - Mitigation, Third Party Advisory, US Government Resource () https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01 - Mitigation, Third Party Advisory, US Government Resource
References () https://www.exploit-db.com/exploits/42543/ - Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/42543/ - Third Party Advisory, VDB Entry

27 Jul 2021, 19:25

Type Values Removed Values Added
CPE cpe:2.3:a:automatedlogic:webctrl:*:*:*:*:*:*:*:* cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*

Information

Published : 2017-08-25 19:29

Updated : 2024-11-21 03:36


NVD link : CVE-2017-9640

Mitre link : CVE-2017-9640

CVE.ORG link : CVE-2017-9640


JSON object : View

Products Affected

carrier

  • automatedlogic_webctrl

automatedlogic

  • sitescan_web
  • i-vu
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')