
Computer vulnerabilities of AlarmWorX64

vulnerability alert CVE-2016-2289

ICONICS WebHMI: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of ICONICS WebHMI, in order to read a file outside the service root path.
Impacted products: GENESIS32, GENESIS64.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 01/04/2016.
Identifiers: CVE-2016-2289, ICSA-16-091-01, VIGILANCE-VUL-19281.

Description of the vulnerability

The ICONICS WebHMI product offers a web service.

However, user-supplied data is inserted directly into a file access path. Sequences such as "/.." can thus be used to move up to the parent directory.

An attacker can therefore traverse directories of ICONICS WebHMI, in order to read a file outside the service root path.
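The flawed pattern described above, next to a containment check, as an added example that is not ICONICS code or part of the bulletin. The function names, the directory layout and the file names are hypothetical and constructed for the demonstration; the path is assumed to be already URL-decoded.

```python
import os
import tempfile


def resolve_naive(root, user_path):
    # Pattern from the description: user data inserted directly in the access path.
    return os.path.normpath(root + "/" + user_path)


def resolve_contained(root, user_path):
    """Return the resolved path if it stays under root, otherwise None."""
    root_real = os.path.realpath(root)
    # Treat "\" as a separator too (assumption: the service may run on Windows),
    # and strip leading "/" so an absolute path cannot replace the root in join().
    relative = user_path.replace("\\", "/").lstrip("/")
    candidate = os.path.realpath(os.path.join(root_real, relative))
    # commonpath compares whole components, so a sibling such as "webroot2"
    # is not accepted for root "webroot" (a plain startswith() would accept it).
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


def demo():
    # Constructed layout: <base>/webroot/pages/index.html and <base>/secret.cfg
    with tempfile.TemporaryDirectory() as base:
        base = os.path.realpath(base)
        root = os.path.join(base, "webroot")
        os.makedirs(os.path.join(root, "pages"))
        inside = os.path.join(root, "pages", "index.html")
        outside = os.path.join(base, "secret.cfg")
        for path in (inside, outside):
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        traversal = "pages/../../secret.cfg"
        return {
            "naive_leaves_root": resolve_naive(root, traversal) == outside,
            "contained_traversal": resolve_contained(root, traversal),
            "contained_backslash": resolve_contained(root, "..\\secret.cfg"),
            "contained_sibling": resolve_contained(root, "../webroot2/x"),
            "contained_legit": resolve_contained(root, "pages/index.html") == inside,
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

A `None` result is the point at which the service should refuse the request and log the requested path.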