Vulnerabilities > CVE-2016-10224 - 7PK - Security Features vulnerability in Sauter-Controls Novaweb web HMI

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

sauter-controls

CWE-254

NVD

Published: 2017-02-13

Updated: 2021-08-31

Summary

An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user.

Vulnerable Configurations

Part	Description	Count
Application	Sauter-Controls Sauter Controls Novaweb WEB HMI *	1

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-343-02