CVE-2016-5793 - Unquoted Windows search path vulnerability in Moxa Active OPC Server before 2.4.19 allows local user

CVE-2016-5793

Summary

Unquoted Windows search path vulnerability in Moxa Active OPC Server before 2.4.19 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory.

References

http://www.securityfocus.com/bid/93046
https://ics-cert.us-cert.gov/advisories/ICSA-16-264-01

Vulnerable Configurations

cpe:2.3:o:moxa:active_opc_server:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:active_opc_server:*:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 28-11-2016 - 20:29)
Impact:
Exploitability:

CWE

CWE-428

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	93046
misc	https://ics-cert.us-cert.gov/advisories/ICSA-16-264-01

Last major update

28-11-2016 - 20:29

Published

24-09-2016 - 10:59

Last modified

28-11-2016 - 20:29