Vulnerabilities > CVE-2016-2297 - Remote Command Execution vulnerability in Multiple Meteocontrol WEB'log Products

CVSS 9.7 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

PARTIAL

network

low complexity

meteocontrol

critical

NVD

Published: 2016-05-14

Updated: 2016-11-30

Summary

Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature."

Vulnerable Configurations

Part	Description	Count
Application	Meteocontrol Meteocontrol Web'Log Basic 100 - Meteocontrol Web'Log Light - Meteocontrol Web'Log PRO - Meteocontrol Web'Log PRO Unlimited -	4

References

http://seclists.org/fulldisclosure/2016/May/52
https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01