CVE-2016-9357

MEDIUM

Eaton ePDUs <June 30, 2015 - Path Traversal

Title source: llm

Description

An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAMAxx prior to January 31, 2014, EMAAxx prior to January 31, 2014, and ESWAxx prior to January 31, 2014. An unauthenticated attacker may be able to access configuration files with a specially crafted URL (Path Traversal).

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95817

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-17-026-01

Scores

CVSS v3 5.3

EPSS 0.0166

EPSS Percentile 81.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-22

Status published

Affected Products (6)

eaton/eamxxx_series_epdu_firmware < 06-30-2015

eaton/emaxxx_series_epdu_firmware < 01-31-2014

eaton/eamaxx_series_epdu_firmware < 01-31-2014

eaton/emaaxx_series_epdu_firmware < 01-31-2014

eaton/eswaxx_series_epdu_firmware < 01-31-2014

n/a/Eaton ePDU EoL devices < Eaton ePDU EoL devices

Timeline

Published Feb 13, 2017

Tracked Since Feb 18, 2026