CVE-2016-4525

MEDIUM

Advantech WebAccess <8.1_20160519 - Info Disclosure

Title source: llm

Description

Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.

References (1)

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01

Scores

CVSS v3 6.6

EPSS 0.0023

EPSS Percentile 45.6%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Classification

Status draft

Affected Products (1)

advantech/webaccess < 8.1

Timeline

Published Jun 25, 2016

Tracked Since Feb 18, 2026