CVE-2016-4501
CRITICALenvirosys ESC 8832 Data Controller < 3.02 - Unauthenticated Authentication Bypass
Title source: llmDescription
Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01
Scores
CVSS v3
9.1
EPSS
0.0173
EPSS Percentile
74.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-284
Status
published
Products (1)
envirosys/esc_8832_data_controller
< 3.02
Published
May 31, 2016
Tracked Since
Feb 18, 2026