Vulnerability Description
In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hoytech | Antiweb | <= 3.8.7 |
Related Weaknesses (CWE)
References
- http://misteralfa-hack.blogspot.cl/2017/05/apps-industrial-ot-over-server-anti-wMailing ListThird Party Advisory
- https://github.com/ezelf/industrial_Tools/tree/master/scadas_server_antiweb/LFIThird Party Advisory
- https://www.netbiter.com/docs/default-source/netbiter-english/software/hms-securPatchVendor Advisory
- http://misteralfa-hack.blogspot.cl/2017/05/apps-industrial-ot-over-server-anti-wMailing ListThird Party Advisory
- https://github.com/ezelf/industrial_Tools/tree/master/scadas_server_antiweb/LFIThird Party Advisory
- https://www.netbiter.com/docs/default-source/netbiter-english/software/hms-securPatchVendor Advisory
FAQ
What is CVE-2017-9097?
CVE-2017-9097 is a vulnerability with a CVSS score of 9.1 (CRITICAL). In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, an...
How severe is CVE-2017-9097?
CVE-2017-9097 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-9097?
Check the references section above for vendor advisories and patch information. Affected products include: Hoytech Antiweb.