Description
A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to overwrite files that are used to execute code. This vulnerability does not affect version 6.5 of the software.
Exploits (1)
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100452
Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/42543/
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01
Scores
CVSS v3
6.3
EPSS
0.0600
EPSS Percentile
90.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-22
Status
published
Products (4)
automatedlogic/i-vu
< 5.2
automatedlogic/sitescan_web
< 5.2
carrier/automatedlogic_webctrl
< 5.2
n/a/Automated Logic Corporation WebCTRL, i-VU, SiteScan
Automated Logic Corporation WebCTRL, i-VU, SiteScan
Published
Aug 25, 2017
Tracked Since
Feb 18, 2026