Vulnerability Details CVE-2016-2275
The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2016-2275
-
cpe:2.3:a:advantech:vesp211-232_firmware:1.5.1
-
cpe:2.3:a:advantech:vesp211-232_firmware:1.7.2
-
cpe:2.3:a:advantech:vesp211-eu_firmware:1.7.2
-
cpe:2.3:h:advantech:vesp211-232:-
-
cpe:2.3:h:advantech:vesp211-eu:-