CVE-2016-4501

CRITICAL

envirosys ESC 8832 Data Controller < 3.02 - Unauthenticated Authentication Bypass

Title source: llm
STIX 2.1

Description

Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01

Scores

CVSS v3 9.1
EPSS 0.0173
EPSS Percentile 74.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-284
Status published
Products (1)
envirosys/esc_8832_data_controller < 3.02
Published May 31, 2016
Tracked Since Feb 18, 2026