Vulnerability Description
A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to overwrite files that are used to execute code. This vulnerability does not affect version 6.5 of the software.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Automatedlogic | I-Vu | <= 5.2 |
| Automatedlogic | Sitescan Web | <= 5.2 |
| Carrier | Automatedlogic Webctrl | <= 5.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100452Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01MitigationThird Party AdvisoryUS Government Resource
- https://www.exploit-db.com/exploits/42543/Third Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/100452Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01MitigationThird Party AdvisoryUS Government Resource
- https://www.exploit-db.com/exploits/42543/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2017-9640?
CVE-2017-9640 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC W...
How severe is CVE-2017-9640?
CVE-2017-9640 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-9640?
Check the references section above for vendor advisories and patch information. Affected products include: Automatedlogic I-Vu, Automatedlogic Sitescan Web, Carrier Automatedlogic Webctrl.