CVE-2017-6031
HIGH
atvise scada < 3.0 - Remote Code Execution via HTTP Header Injection
Title source: llm
Description
A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution.
References (2)
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-096-01A
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/97479
Scores
CVSS v3
8.8
EPSS
0.0275
EPSS Percentile
84.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-644
CWE-74
Status
published
Products (2)
certec_edv_gmbh/atvise_scada
< 2.5.10
n/a/Certec EDV GmbH atvise scada
Certec EDV GmbH atvise scada
Published
May 06, 2017
Tracked Since
Feb 18, 2026