#VU7098 Information disclosure in VTScada - CVE-2017-6045
Published: June 15, 2017
Vulnerability identifier: #VU7098
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6045
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
VTScada
VTScada
Software vendor:
Trihedral Engineering Ltd
Trihedral Engineering Ltd
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to exposure of some files within the web server application to unauthenticated users. A remote attacker can read arbitrary files.
Successful exploitation of the vulnerability results in information disclosure.
The weakness exists due to exposure of some files within the web server application to unauthenticated users. A remote attacker can read arbitrary files.
Successful exploitation of the vulnerability results in information disclosure.
Remediation
Update to version 11.2.26.