Vulnerabilities > CVE-2016-2297 - Unspecified vulnerability in Meteocontrol products

CVSS 9.4 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

LOW

network

low complexity

meteocontrol

critical

NVD

Published: 2016-05-14

Updated: 2016-11-30

Summary

Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature."

Vulnerable Configurations

Part	Description	Count
Application	Meteocontrol Meteocontrol Web'Log PRO - Meteocontrol Web'Log PRO Unlimited - Meteocontrol Web'Log Basic 100 - Meteocontrol Web'Log Light -	4

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01
http://seclists.org/fulldisclosure/2016/May/52