| CVE ID | CVE-2016-4532 |
| CVSS SCORE | 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N |
| AFFECTED VENDORS |
Trihedral Engineering Ltd |
| AFFECTED PRODUCTS |
VTScada |
| VULNERABILITY DETAILS |
The specific flaw exists within the handling of Wireless Application Protocol requests. The issue lies in the failure to properly restrict the path from which images are retrieved. An attacker can leverage this vulnerability to disclose the contents of arbitrary files under the context of the user running the service. |
| ADDITIONAL DETAILS |
Trihedral Engineering Ltd has issued an update to correct this vulnerability. More details can be found at:
https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01 |
| DISCLOSURE TIMELINE |
|
| CREDIT | Anonymous |
